Daily digital threats to the power industry

Without a stable supply of electricity, Norway grinds to a halt. This makes the power industry vulnerable and exposed to various threats. The industry is constantly under attack. One player experiences up to 13,000 cyber attacks daily.

"The world has not become safer over the past year. There is still war and conflict in Ukraine and the Middle East. Cooperation between authoritarian states is increasing. The use of force is escalating. Democracies are under pressure and unity is being challenged. These are conditions that create a persistently demanding security policy situation," writes the National Security Authority (NSM) in the report "Risk 2025".

This is the serious backdrop for the Norwegian power industry, from power producers to grid companies and electricity suppliers. The power industry is particularly vulnerable as it supplies electricity to Norway and our neighboring countries. A successful attack can have serious consequences such as power outages, loss of critical infrastructure and major financial losses. Without electricity, important functions in Norway would grind to a halt in a short space of time. The power industry is therefore a natural target for hostile nations and criminals.

The power industry is under pressure on several fronts:

• Physical: physical attacks on critical infrastructure are likely and the insider threat is real
• Digital: increasing digitalization has made the sector more efficient, but also more vulnerable
• Laws and regulations: stricter national and global regulations are tightening cybersecurity requirements
• New technologies (AI): Artificial intelligence (AI) is being used for more sophisticated attacks and is challenging existing security regimes

The power industry at risk of sabotage

At the beginning of February, the Norwegian Intelligence Service, the Norwegian Police Security Service (PST), and the National Security Authority (NSM) jointly presented their threat and risk assessments to politicians, society, and the press.

PST believes it is likely that Russia will attempt to carry out sabotage in Norway in 2025. The purpose will be to prevent deliveries to Ukraine or negatively influence our willingness to support Ukraine. Targets for actions in Norway are likely to be similar to what we have seen in Europe (e.g. arson, incitement, breaking into waterworks). In addition, power infrastructure may become a target for sabotage. The insider risk is also real.

In 2024, the US authorities revealed that Chinese state-sponsored actors had broken into the computer systems of critical infrastructure in the energy sector. The authorities warned that the actors were attempting to position themselves in the systems to attack at a later date. The techniques were sophisticated and required considerable expertise. At the same time, they were difficult to detect. Attackers could therefore remain in the networks over time.

According to a survey of the Norwegian power industry in 2024, conducted by Cegal, power companies face many security challenges:

• Too few resources: This means that smaller power companies often act reactively. Vulnerabilities are only discovered when they are exploited.
• Complex infrastructure: A lot of data is stored unstructured, in different technologies and across a variety of systems. This makes it difficult to effectively track and remediate known vulnerabilities.
• Need for external expertise: Utilities outsource a lot of security work to external partners to gain access to expertise and save internal resources.

How power companies can strengthen their security

A more serious threat landscape requires a proactive security strategy, where risks are identified and managed before damage occurs. Here are five measures to become more proactive:

1. Continuous monitoring
- Active monitoring of IT infrastructure can detect abnormal traffic and potential attacks before they cause damage.
- Machine learning and AI can be used to analyze patterns and anticipate attack attempts.

2. Zero Trust approach
- No digital devices or users are automatically trusted. Physical or digital access is granted only after assessment.
- Strict access management and network segmentation reduce the risk of spreading attacks.

3. Secure cloud storage and data localization
- The power industry must ensure that sensitive data is stored following regulatory requirements.
- Authorities restrict the use of cloud solutions for critical systems (OT and SCADA).

4. Security exercises and contingency plans
- The latest version of the Power Contingency Regulation requires companies to have mandatory plans and exercises to deal with attacks.
- Simulations and stress tests improve companies' response to real events.

5. Collaborate with external security experts
- Many companies cannot handle cybersecurity internally and outsource security work to specialists.
- External expertise ensures continuous updates on new threats and best practices.

Increasing digitalization and a more serious threat landscape mean that there is a need for the power industry to move away from reactive measures to a proactive security strategy. With continuous monitoring, Zero Trust principles, secure data storage, and collaboration with experts  -the power industry can handle the threats.

Cegal is a partner with deep domain expertise within the power industry and cybersecurity. We help our customers strengthen their resilience, protect critical systems, and ensure a stable energy supply.

Is your business ready for the security challenges of the future?
Contact us at Cegal for a security consultation and see how we can protect your infrastructure against tomorrow's threats. We can assist with, among other things, threat monitoring and security analysis, risk management and preparedness, secure cloud operations and data protection, zero trust implementation and identity management, advisory services, compliance support, and more.

Read more about our Cyber Security Management here >