A paradigm shift for renewables cybersecurity
Greater electricity generation from renewables means their assets are increasingly being classed as critical infrastructure. As a result, renewables operators are now required to comply with many new cybersecurity regulations implemented in response to the industrial internet of things (IIOT).
While regulatory compliance is a good incentive and guideline for cyber resilience, it should be the starting point and not the target state. To shore up the cyber resilience of renewables operations, compliance requirements need to be factored into cybersecurity strategies, but proactive measure are needed to develop additional layers of controls tailored to mitigate specific challenges.
As renewables operators evaluate how to boost cyber resilience, three key paradigm shifts are needed.
- Bridging the maturity gap between IT security and OT security.
- Bridging the security maturity gaps between operations, other functions such as business development and engineering, and third parties.
- Building trust between IT operations and production operations.
These paradigm shifts could allow renewables operators not only to abate risks but also realize benefit for wider digital transformation.
Embedding security into the renewables DNA
For sustained growth, the security gene should be embedded in the renewables DNA to strengthen the cyber resilience of operators’ business, operations and infrastructure. This vision of embedding the security gene requires creating a “cybersecurity playbook.”
Our research identified an elite group of organizations outperforming in cybersecurity. These leaders are four-times better than the rest of the industry at stopping attacks. They are also more proficient at finding breaches and fixing breaches quickly and reducing breach impact.
We see three key differentiators that set cybersecurity leaders apart from the competition, and they provide guidance for renewables operators on what they should do to develop greater cyber resilience: Investing for operational speed, driving value from new investments and sustaining what they have.
Approaches for boosting cyber resilience
Building up cyber resilience requires direct action from renewables operators and collaboration with their ecosystem stakeholders. To effect change, we see two main approaches, and a combination of both could yield the most effective results.
How Accenture can help
Accenture Security helps utilities build resilience with deep industry expertise to advise on strategy, implement innovative digital solutions and help companies continuously manage their security operations. We are continuously innovating to provide comprehensive, next-generation cybersecurity services at each step of the infrastructure lifecycle.
Cybersecurity should be considered as vital as data quality processes in plant design or health, safety and environment (HSE) and fault monitoring and analysis in operations. It should be embedded into renewables activities from design to decommissioning and into contracting with ecosystem partners. Operators will need to go beyond compliance and be proactive in creating their own individual cybersecurity roadmaps. The resiliency of renewables is more important than ever, and cybersecurity is at the core.