The practice of energy security has traditionally focused on mitigating the impact of physical disruption of energy supplies. Systems, procedures and protocols are in place to prevent and respond to natural disaster, deliberate physical attack or politically motivated market intervention. These traditional concerns and solutions are as valid as ever, but in the context of the digital information age, there is a new factor that must be accounted for – cybersecurity.
Rapid technological change in the energy sector and the broader economy have delivered significant benefits to both producers and consumers through greater integration and interdependence, but the resultant reliance on digital systems and connectivity may have exposed the sector and the associated critical infrastructures of our digital information age to substantial risks. Strategic physical networks have been rendered digitally accessible not only to their authorised operators, but also to a range of players with malevolent intent.
Cybercrime is not new, and has been widely reported as an issue of increasing concern to both the finance and retail sectors. It takes many forms, ranging from the mildly irritating to the potentially disastrous. It includes cyber-theft and cyber-disruptions. The energy sector shares many of the same concerns as its retail and finance sector counterparts, as certain business models and market mechanisms are features of all sectors.
Historically, the energy sector can be justifiably proud of its record in successfully dealing with a multiplicity of security issues on an ongoing basis. There is no reason to believe that this record will be broken. However, in the interconnected digital age, the concept of what constitutes critical infrastructure transcends traditional lines of sectoral demarcation and is deserving of closer inspection. The interdependence of the energy, retail, and financial sectors is a strong incentive to explore all avenues of knowledge-sharing, capacity-building, and rapid-response.