SUCCESS STORY

Solar PV

Understand the cyber security posture in more depth for two operating solar projects in Spain.

The Challenge

Understanding their cyber risk posture in more depth for two operating solar projects in Spain. 

For the Renewable Energy sector, the Operational Technology (OT) cyber landscape is undergoing radical change, putting operators of critical infrastructure in constant financial uncertainty about their risk of cyber loss.

IBM reported a staggering 2000% increase in cybersecurity incidents against OT and predicted a 30% increase year over year.

One of these critical infrastructures that is directly affected by the increase in cyber risk is the Renewable Energy sector. Our customer owns and operates solar PV generation facilities, and deployed DeRISK in two of them located in Spain, to better understand its exposure to cyber risks.

The Solution

Provide a detailed risk assessment explaining their top cyber security risks

The DeRISKTM platform was able to provide the client a detailed risk assessment explaining their top cyber security risks for their solar facilities, broken down by source initial access vector and consequence type.

SolarWorkers-withAccent

The Results

DeRISK was able to provide the client a detailed risk assessment explaining their overall cyber exposure and top risk components, finding that these solar sites have a higher risk exposure compared to other power-sector peers of similar generation capacity.

DeRISK helped prove that the top source of probable loss is web facing apps and external remote services, and thus the area where further protection measures should be prioritized.

Results show that there are inexpensive and cost-effective measures to reduce this risk, such as implementing policies that enforce all passwords are hardened and unique, and that all default passwords are changed. Furthermore, measures that greatly reduce the risk but that require a higher initial investment, such as deploying an application-layer filtering proxy server to ensure that all network traffic to or from the Internet is authorized.

Expected Loss Costs

Initial Access Vector and Expected Loss by Type

0

Web facing app

0

Phishing

0

Downtime

0

Equipment damage


Expected Losses

0 x

Industry average compared to customer

Because of the nature of the customer’s operations as a renewable energy producer, an overwhelming majority of total risk comes from these top two cyber event types: (1) equipment damage and (2) business disruption/downtime makes up 93.7%. After leveraging DeRISK, the customer was able to outperform the industry average exposure to cyber risk.