The energy sector, as one of the key critical infrastructure sectors, is currently facing the challenge of ensuring not only a reliable energy supply, but also resilience to cyber threats. The transformation of the sector, related to the integration of renewable energy sources (RES), digitalisation and automation, forces operators to implement new communication and security standards. In the context of growing threats and a changing geopolitical situation, cybersecurity is becoming one of the pillars of the secure functioning of the state.
Why is cybersecurity crucial today?
Modern power systems are increasingly complex and vulnerable to attacks. The transformation of traditional networks into automated, digitally managed systems has created new vectors of risk. Every smart device, every remote meter, every transformer station connected to the grid is a potential entry point for cybercriminals.
Cyberattacks on the energy infrastructure can have disastrous consequences, ranging from local power outages to serious system failures that endanger human life and health. What's more, these attacks are increasingly becoming part of broader geopolitical and military operations.
The most common types of attacks on the energy sector
- Ransomware attacks – encryption of system data and ransom demands.
- DDoS (Distributed Denial of Service) attacks – overloading of servers and SCADA systems, making them unavailable.
- Infiltration and sabotage – taking control of control systems (PLC, RTU) and deliberately damaging infrastructure.
- Phishing and social engineering – exploiting human error to gain access to systems.
- Supply chain attacks – infecting software or hardware before it is deployed in the infrastructure.
- Attacks such as spoofing and jamming – disrupting or falsifying GNSS signals (e.g. GPS, GALILEO) used for time synchronisation in energy systems. Spoofing involves substituting a false signal that makes devices ‘think’ that the time is different than it actually is. Jamming is the disruption of a signal, which leads to its complete loss. Both attacks can result in incorrect correlation of measurement data, loss of synchronisation of power stations and difficulty in analysing incidents.
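The difference between the two GNSS attacks described above (a false time versus a complete loss of signal) can be checked by comparing each constellation against a local holdover clock and against the other constellations. The following Python code is an added example, not Bitstream's detection mechanism; the thresholds, state names and sample offsets are assumptions constructed for illustration.

```python
from typing import Dict, List, Optional, Tuple

# Assumed values for illustration; real limits depend on the oscillator and the application.
BASE_TOL_NS = 500      # allowed GNSS-vs-local-clock offset right after a trusted sync
DRIFT_NS_PER_S = 50    # assumed worst-case drift of the local holdover oscillator

Sample = Dict[str, Optional[int]]  # constellation -> offset vs local clock in ns, None = no signal

def classify(sample: Sample, holdover_s: int) -> Tuple[str, List[str]]:
    """Return (state, suspect constellations) for one measurement epoch."""
    tracked = {name: off for name, off in sample.items() if off is not None}
    if not tracked:
        return "JAMMING", []                  # complete loss of signal on every constellation
    tol = BASE_TOL_NS + DRIFT_NS_PER_S * holdover_s
    suspects = sorted(n for n, off in tracked.items() if abs(off) > tol)
    if suspects:
        return "SPOOFING", suspects           # reported time disagrees with the local clock
    if max(tracked.values()) - min(tracked.values()) > BASE_TOL_NS:
        return "SPOOFING", sorted(tracked)    # constellations disagree with each other
    if len(tracked) < len(sample):
        return "DEGRADED", []                 # partial loss, remaining sources still consistent
    return "OK", []

def monitor(samples: List[Sample], persist: int = 3) -> List[Tuple[int, str, List[str]]]:
    """Scan 1 Hz samples; emit an event when a non-OK state lasts `persist` epochs."""
    events, run_state, run_len, holdover_s = [], "OK", 0, 0
    for i, sample in enumerate(samples):
        state, suspects = classify(sample, holdover_s)
        # Only discipline the local clock from GNSS while every source is consistent.
        holdover_s = 0 if state == "OK" else holdover_s + 1
        run_len = run_len + 1 if state == run_state else 1
        run_state = state
        if state != "OK" and run_len == persist:
            events.append((i, state, suspects))
    return events

# Constructed sample data: 3 clean epochs, GPS pulled 2 ms off, then total signal loss.
CLEAN = {"GPS": 40, "GALILEO": -25}
SPOOFED = {"GPS": 2_000_000, "GALILEO": -30}
LOST = {"GPS": None, "GALILEO": None}
SAMPLES = [CLEAN] * 3 + [SPOOFED] * 4 + [LOST] * 3

if __name__ == "__main__":
    for event in monitor(SAMPLES):
        print(event)
```

Requiring the state to persist for several epochs keeps a single noisy measurement from raising an alarm, and freezing GNSS discipline while the state is not OK keeps a suspect source from steering the local clock.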
Photo: Bitstream
Examples of cyber attacks on the energy sector
Examples include the attacks on Ukrainian power systems in December 2015 and 2016, which caused power outages for hundreds of thousands of residents. BlackEnergy and Industroyer malware were used in these attacks.
Another example is the ransomware attack on Colonial Pipeline in 2021, which targeted the company that manages the largest fuel pipeline in the US. It led to a suspension of supplies for several days and major disruptions across the country.
In turn, a cyberattack attempt in Canada in 2022 forced the electricity producer and supplier Hydro-Québec to temporarily disconnect some of its IT systems, demonstrating the scale of the threat even in highly developed countries.
Each of these incidents shows that energy infrastructure is a target not only for cybercriminals, but also for groups linked to states that wage cyberwarfare as part of their political and military strategy.
Geopolitics and cybersecurity – the growing importance of protecting energy systems
In recent years, we have seen rapid changes in the international balance of power. Growing tensions between East and West, the war in Ukraine, instability in the Middle East and the escalation of conflicts in cyberspace have put the energy sector in the spotlight of both defenders and aggressors.
Contemporary conflicts are no longer fought exclusively on the battlefield – information and cyber warfare are equally important. Disrupting energy supplies can weaken a country's resilience, disrupt society and lower morale. That is why cybersecurity is becoming not only a technical challenge, but also a strategic national priority.
Technologies supporting cybersecurity
In response to rapidly growing threats, technologies are being developed to ensure the resilience of energy systems. These include, among others:
- Data transmission encryption – technologies such as MACsec (layer 2) and IPsec (layer 3) guarantee the confidentiality, integrity and authenticity of data transmitted between devices.
- Network segmentation and industrial firewalls – separate critical systems from less secure office networks and the internet, minimising the risk of attack escalation.
- Incident detection and response (IDS/IPS) – solutions that monitor network traffic in real time, enabling rapid detection and blocking of suspicious activity.
- Multi-system and multi-frequency GNSS receivers.
- Remote monitoring and management – enables quick response to potential threats, network status analysis and fault diagnostics without the need for physical presence at the station.
Photo: Bitstream solutions for data transmission and time synchronisation
BitStream solutions supporting cybersecurity in the energy sector
At BitStream, we provide devices supporting data transmission and time synchronisation that ensure communication security. These include:
- Time servers with PTPv2, GNSS and IRIG-B support – provide nanosecond synchronisation precision, which is crucial for accurate event analysis. The time servers and switches meet the requirements of IEC 62443-4-2 for user authentication (with an implemented mechanism for separation of responsibilities), access control, communication integrity, data encryption and software update security.
- IEC 61850-3-compliant devices with MACsec/IPsec support – guarantee data protection and resistance to cyber attacks, and create a secure communication zone even in environments with the highest reliability requirements.
- Multi-system and multi-frequency GNSS receivers.
- Remote monitoring function – minimises response times and increases system resilience to failures and attacks.
- Jamming and spoofing detection mechanisms.
Our time servers represent the highest quality in the field of synchronisation and time precision. They are a key element in networks and systems where time accuracy plays a crucial role, such as data centres, financial institutions, telecommunications networks and, of course, the energy sector. The advanced technologies we use at Bitstream ensure unmatched precision, reliability and stability. These devices are capable of synchronising with multiple time sources, including satellite navigation systems such as GPS and GALILEO, guaranteeing the highest level of accuracy.
Our industrial switches for critical infrastructure and time-sensitive networks are key components where data transmission delays can affect service quality or operational safety. They are essential in environments that require fast and uninterrupted transmission. Using standardised solutions and proprietary mechanisms, these switches guarantee minimal delays and high throughput, while ensuring reliability and stability of operation. Thanks to them, information is transmitted almost instantly, which is crucial in real-time applications.
Summary and recommendations for network operators
Cybersecurity in the energy sector cannot be treated as an option – it is a prerequisite for maintaining business continuity and public trust, as indicated by standards and new directives such as NIS-2. Investments in secure digital infrastructure are now investments in national security.
Transmission and distribution system operators should regularly update their security policies and conduct resilience tests (e.g. penetration tests), implement network segmentation, transmission encryption, precise time synchronisation, and train their staff in cybersecurity and incident response.
However, the most important thing is to choose proven, reliable, certified technologies and solutions as the foundation for stable and secure energy systems.
Magdalena Oleszko
Senior Marketing Specialist Bitstream
www.bitstream.pl