DNSC warns of increased risk of cyberattacks in the energy sector

The energy sector is one of the critical infrastructures that has been subjected to a real assault by cybercriminals in recent years.

With 125 devices connecting to the internet every second, devices based on new technologies, the risk regarding cybersecurity in the energy sector is very high, said Dan Cîmpean, director of the National Directorate of Cyber Security (DNSC), yesterday, during the press conference organized on the occasion of the signing of a strategic cooperation agreement for resilience against cyber attacks, between DNSC and the Enevo group.

Dan Cîmpean stated: "For us, as the Directorate, the energy sector, with its entire ecosystem of solution providers, services, in particular, everything that means technology, everything that means cybersecurity, is an absolutely fundamental ecosystem. We all know that without energy everything would be closed, there is no social activity, there is no economic activity. So, it is phenomenally vulnerable as a state, as a company, as an organization, as an individual. Now, from us, from the Directorate, we are observing some macro-level trends in the field of cybersecurity that are very, very worrying, and I choose my words very carefully. Since the hybrid war that we have at the border, we are observing a constant, not exponential, and sustained increase in the number of attacks, in their complexity. (...) It is a trend that, unfortunately, will continue. It is the new reality. There are many factors: once the technological evolution, on the other hand, we are talking about the large number of technologies, of devices based on operational technologies that connect to the internet. I say, I think we have an average of 125 such connections per second, globally, and more and more of these are in the energy sector. Multiple technologies and multiple suppliers create an increasingly large attack surface. (...) We have, on the one hand, an increasingly sophisticated, increasingly complicated technical infrastructure, and on the other hand, state and non-state attacks that are growing steadily and systematically. Obviously, when a negative impact on a state is desired, a systematic attack begins on the energy, transport, health, financial-banking infrastructure, etc. The good part is that we also observe solutions, which we encourage and support. (...) We need a strong ecosystem of solutions specialized mainly in the energy sector, for all stakeholders in the field. We, at the Directorate. want to identify, validate and recognize these solutions that we believe are useful and valuable. In the European Union, what is happening in the cyber field, you know as well as I do: they are converging very many things, borders no longer matter, everything is a click away. Attacks are a click away, solutions are a click away, and geographic location almost no longer matters”.

• 1500 cyber incidents per week in energy globally

He stated that, at this moment, DNSC can effectively handle two major attacks per week.

Dan Cîmpean showed: "The Directorate's estimate, from the major incidents in 2023 and 2024, but also from other incidents we have been through, at this time is that we believe that we can manage as a state somewhere between two major incidents that occur simultaneously or in the same week. But to manage such an incident you need people who know the infrastructure, and for now we have a critical mass of prepared people. If we have two major incidents simultaneously and a third one appears, we are caught out in front of it because the specialist teams are blocked from remediating the first two situations. Basically, we can no longer absorb a third major incident at this time and we need to increase the critical mass of experts and specialists in this field. We need to prepare for the scenario in which we will not only have two major incidents simultaneously, but there will be three, four, 20 or 220. This is the trend and the kind of capabilities that we are trying to create in an ecosystem with the providers of solutions”.

In turn, Cristian Pîrvulescu, CEO and co-founder of Enevo Group, pointed out: "We are facing two types of challenges. First of all, we are talking about legacy systems, about control systems, protection systems, automation systems, most of which were built and put into operation before the internet. These legacy systems were never designed to operate online, being protected by fences, gatepasses and guards. But, recently, we are experiencing an accelerated transformation of the energy sector, which in the last two to three years alone has built and put into operation production capacities of several gigawatts, capacities that are connected to the grid and operate on new technologies. These capacities require a new control approach, new operating structures, new manufacturers, a "forest” of equipment and digital elements, which do nothing but greatly increase the "forest” of attack vectors. (...) I would like to give you two figures related to the scale and complexity of these attacks. The International Energy Agency tells us that in 2024, typical energy organizations are victims of almost 1500 cyber incidents per week. Moreover, according to experts, 59% of global organizations were victims of ransomware in 2023, and estimates are that, by 2031, a ransomware attack will occur every two seconds. The International Energy Agency report also tells us that in 2023, such an attack generated an average of $1.85 million in losses, and total recovery costs reached an average of $2.73 million per incident. These are things that should attract our attention, these are things that are happening, these are real things that are happening around us”.

• Agreement between DNSC and Enevo Group for cooperation in the field of cyber security

Regarding the agreement signed yesterday by the National Directorate of Cyber Security (DNSC) and ENEVO Group, it mainly aims at testing technologies and platforms for monitoring and alerting on cyber attacks and incidents, as well as cooperation in order to ensure the visibility of incidents affecting energy sector infrastructures in order to facilitate a joint and coordinated response at national level.

The agreement between DNSC and ENEVO Group has as objectives: sharing information and threat intelligence for proactive detection of attacks; organizing events, workshops and training sessions in the field of Operational Technology (OT) security; developing and disseminating to the public analytical materials and information based on relevant statistical data; active support for the development of public policies at national and European level in the field of security industrial.

Cristian Pîrvulescu, CEO ENEVO Group said: "We are pleased to announce the conclusion of this strategic partnership with DNSC, one of the initiatives that can contribute to strengthening the cyber resilience of critical energy infrastructures in Romania. This agreement reflects a common vision of the public and private sectors, based on proactivity, collaboration, efficient exchange of know-how and skills. In a sector that is still in its infancy, our joint efforts aim to transparently and effectively manage cybersecurity challenges in the industrial and energy fields.”

SentryOT, the platform developed within the Enevo Group by a Romanian team specialized in OT cybersecurity and energy engineering, offers the highest level of resistance to cyber attacks on industrial control systems (OT), being unique globally in the efficiency with which it manages complex cybersecurity incidents on critical infrastructures in the energy field.

Regarding the platform in question, Mircea Stremţan, Cybersecurity Sales Director within the Enevo Group, told us that currently AI aspects are integrated into the platform with different functionalities.

"One, which will be launched soon, is an assistant for the efficient use of the platform and for the accelerated understanding of trends, patterns and behaviors that represent deviations from normal behavior,” Mircea Stremţan told us.

He concluded by saying that in the future environment and remote, very advanced AI components will be introduced into the platform that will even lead to the prevention of these cyber attacks in the energy sector.