UK's renewable energy revolution is at risk from cyberattacks: Javvad Malik

A coordinated attack could create exactly this scenario: airports grounded, hospitals running on limited backup power, telecommunications failing and even simple things like keeping food frozen becoming critical challenges. When people worried about their butcher shop's meat spoiling, they were experiencing what security experts have warned about for years - how quickly modern society becomes vulnerable when the power goes out. The interconnected nature of European power grids means that, like dominoes, what starts as a local issue can rapidly become a multinational crisis.

According to Chaucer, a UK-based global speciality insurance group, successful cyberattacks on UK utility companies rose dramatically from just seven in 2022 to 48 in 2023, marking a 586 per cent increase. These attacks were primarily focused on data theft and ransomware, resulting in the compromise of sensitive data from 140,000 individuals, a notable 714 per cent increase from the previous year.

Additionally, a 2024 report from a UK-based cybersecurity firm DragonFly found that renewable energy companies in the UK face up to 1,000 attempted cyberattacks each day. This alarming rise in cyber threats is likely one reason why Ciaran Martin, former head of the UK’s National Cyber Security Centre, emphasised the need for energy companies to have a response plan in place. He highlighted that the difference between being 50 per cent functional within 24 hours of an attack and being offline for weeks could be catastrophic for both public safety and economic stability.

For renewable energy projects, the UK is prioritising those that are fully prepared for connection to accelerate clean energy integration. This shift is likely to result in a significant increase in distributed energy resources (DERs) being integrated into the grid. However, this expansion brings about heightened cybersecurity risks, as these assets, such as wind farms, solar panels, and battery storage, are often managed remotely and rely heavily on digital communication systems, creating opportunities for cyber attackers to exploit vulnerabilities in smart grid systems.

In addition, construction has officially begun on the Eastern Green Link 1 (EGL1), a high-voltage direct current (HVDC) submarine power cable designed to connect Southeast Scotland with Northeast England. This undersea HVDC project will significantly enhance the UK’s energy transmission capacity, but it will also increase reliance on digital control systems. If targeted, attackers could compromise the system’s integrity, disrupting power transmission between Scotland and England.

As the UK’s energy sector continues to modernise, the importance of prioritising cybersecurity cannot be overstated. Without robust security measures, the transition to a cleaner, greener and more efficient energy system could be at risk from cyber threats.

To protect the energy grid, ongoing investment in digital security, real-time monitoring, security awareness training, and well-prepared response plans are essential when dealing with inevitable cyberattacks. Only by strengthening these defences can the UK safeguard its energy infrastructure and secure the future of its energy transition.

Javvad Malik is Lead Security Awareness Advocate at Leeds-based KnowBe4