SUCCESS STORY

Solar PV

Understand, in more depth, the cyber security posture of two operating solar projects in Spain.

The Challenge

Understand, in more depth, the cyber security posture of two operating solar projects

The Operational Technology (OT) cyber landscape is undergoing radical change, leaving operators of critical infrastructure in constant financial uncertainty about their cyber risk and potential losses. 2019 witnessed a 2,000% year-over-year increase in industrial control system cyberattacks, with the average cost of an industrial cyber breach reaching $13.0m, versus $11.7m in 2017.

The Renewable Energy sector is directly affected by the increase in cyber risk. Our customer owns and operates solar photovoltaic (PV) generation facilities, and deployed DeRISK in two of them located in Spain, to better understand its exposure to cyber risks.

The Solution

Provide a detailed risk assessment explaining top cyber security risks

DeRISK’s cyber risk platform provided the company with a detailed risk assessment explaining the top cyber security risks for their solar facilities. The reported cyber risks were broken down by the initial attack vector and the type of consequences, potential damages, and losses.


The Results

DeRISK provided the company with a detailed risk assessment explaining its overall cyber exposures and top risk components. Another key finding was that the projects had a higher risk exposure than comparable industry peers. Web-facing applications and external remote services were identified as the top sources of probable loss, and should therefore be prioritized for further protection.


DeRISK analysis showed that inexpensive, cost-effective measures such as strengthened password policies (hardened, unique passwords and systematic change of default passwords) could reduce risk.

Additional measures with slightly higher initial investment, such as deploying an application-layer filtering proxy server, would ensure that all network traffic is validated and authorized.

With these results from DeRISK, the company became aware of its cyber security posture and was able to prioritize its risk mitigation strategy based on ROI, risk reduction, upfront and recurring costs, payback period, and NPV.

Expected Loss Breakdown

By initial attack vector


Because of the nature of the company’s operations as a renewable energy producer, an overwhelming majority (93.7%) of the total risk comes from the following two cyber event types: (1) equipment damage and (2) business disruption/downtime. With DeRISK, the company was able to outperform the industry average exposure to cyber risk.