search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
RENEWABLE ENERGY


SECURING THE FUTURE OF RENEWABLE ENERGY


Cybersecurity maturity in renewables is ‘very poor’, according to Rafael Narezzi, co-founder at Centrii, who says the sector has prioritised physical security over digital security. Here, he discusses the challenges and why visibility is key


E


nergy systems are becoming increasingly digitalised and decentralised, making them


prime targets for attackers. A single successful breach can cause widespread disruption and, with the growth in renewables, the stakes have become even higher. Connected and remotely managed assets like


wind turbines, energy storage facilities and solar farms have increased the attack surface, while the risk of supply chain attacks creates a perfect storm with serious consequences. The attacks on Poland’s power grid in 2025,


which targeted wind and solar farms, show that attackers can easily manipulate multiple sites at the same time to destabilise critical networks. The growing reliance on digital control technology


is increasing the vulnerability of the systems that underpin the move to renewables. These systems are core to how wind, solar and storage sites are managed. Operators rely more on interconnected control systems like SCADA and broader operational technology (OT) to monitor and control assets. Renewables often share common SCADA architectures across assets, which provide efficiencies but also introduce risks when malware is used to exploit them. Attackers who can gain access through a vulnerable device, such as an unpatched router, can move laterally within the network to take control of critical systems. Back-door access into SCADA systems must be


treated as a frontline issue that requires a layered approach to security – monitoring, patching endpoints, isolating networks and deploying platforms that offer visibility into OT environments.


CALCULATING THE FINANCIAL IMPACT The consequences of an attack can be damaging on so many levels. Operational downtime and


www.essmag.co.uk


disruption to essential services are just the start. But operators and asset owners often underestimate cybersecurity’s financial impact. When you factor in financial and


reputational loss, as well as the insurance implications, the consequences start to stack up. As a result, investors are increasingly demanding a cybersecurity maturity index before funding new renewable assets. By quantifying the loss


attacks in a complex geopolitical environment. Respondents also pointed to the growing demands


for regulatory compliance and third party risk management, mandated by the EU’s NIS2 Directive. This directive expands cybersecurity rules for critical sectors like energy, imposing stricter risk management, reporting and penalties.


“The rise of


in financial terms, they can start to understand the real-life consequences and then make informed decisions about relatively modest security investments that significantly reduce their risk exposure. We are building highly decentralised digital energy systems that we rely on, but cybersecurity is too often seen as a technical problem rather than a leadership responsibility. By helping stakeholders understand the losses tied to generation interruptions, the sector starts to see cybersecurity as a core operational risk. To better understand how cybersecurity is shaping


the sector, last year we collaborated with AECOM on a global survey of senior decision-makers, including financial and operational leaders, asset managers, developers and tech providers. The responses about how businesses are adapting investment and operational strategies in the face of cyber threats were mixed. While cybersecurity is seen as a business risk, renewables companies will need to enhance their cyber resilience to manage the potential fallout from


renewables is bringing both risk and reward by transforming the energy landscape, but it is also introducing new threats”


FLYING BLIND Protecting energy generation and assets is more important than ever. What has changed is the way operators do it. For many energy operators – and not just those in renewables – the most common problem is a lack of visibility. Without a centralised view with real-time insights into OT traffic, threat patterns and unauthorised access, companies are flying blind. In this environment, visibility is not a luxury. If you don’t see the


threats, you can’t control them. The Poland attack is a good example, with router hijacking and remote manipulation made possible because connectivity existed without adequate


operational visibility. Once edge routers were compromised, attackers could influence dispatch and control layers downstream. This is basic connectivity risk compounded by weak monitoring. This is true across the sector with too much trust


places in vendor connectivity and limited insight into internal OT communications. But also, no financial mapping of what disruption would actually cost. Failure is rarely catastrophic on day one. It’s accumulated blind spots that eventually become major operational exposure. The rise of renewables is bringing both risk and


reward by transforming the energy landscape, but it is also introducing new threats. As we continue to transition to new forms of energy, we must ensure it is secure by design.


Centrii https://centrii.com/ ENERGY & SUSTAINABILITY SOLUTIONS - Summer 2026 21


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40