Jurisdictional complexity – Countries, regions, and jurisdictions often have different regulatory frameworks regarding cybersecurity. Some regulations aim for a more unified approach, as the Network and Information Security Directive (NIS2) seeks to do in the European Union (EU), while other areas are more localized, leading to diverse interpretations of regulations. Increasing regulatory complexity requires organizations in this sector to comply with global or regional standards while also responding to local requirements.
Grid stability and attack surface expansion – As the energy sector becomes more globally interconnected, the attack surface for cyber threats expands. Integrating different systems and networks across borders increases entry points for cybercriminals and challenges grid stability in interconnected cross-border energy networks.
Cyber extends beyond borders – Cyber threats don’t stick to geopolitical boundaries. A cyberattack originating from one country can easily impact critical infrastructure in another country. Coordinating a response and determining the source of an attack in this environment is complex.
Legal restrictions on information sharing – Collaboration and information sharing are essential for effective cybersecurity, but regulatory, legal, political, and competitive concerns about sharing sensitive information across borders limit effective threat intelligence, and sharing may be prevented.
Continued politicization of business – The energy and natural resources sector is prone to business/economic activities becoming intertwined with political interests, agendas and influence. Geopolitical tensions often result in an increase in cyber threats, especially those targeting critical infrastructure. As a critical infrastructure sector, energy is a prime target for illicit state-sponsored cyberattacks, with potential impacts on both supply chains and end consumers.