Published: 7 February 2022
- Energy infrastructure development projects face a mounting cyber security challenge as assets and equipment become more network-connected
- Engineering, procurement and construction (EPC) contractors must meet customer requirements for the infrastructure to be cyber secure on handover and operational start-up
- EPC contractors need to encourage small system suppliers to provide cyber-secure systems and components
- It is advisable to test the cyber vulnerability of unvalidated new products or technologies, says Omar Garcia of EPC contractor Schneider Electric
Engineering, procurement and construction (EPC) contractors managing energy infrastructure development projects face growing cyber security challenges as once standalone computing systems managing industrial operations become increasingly connected to IT infrastructure and the Internet of Things.
This growing connectivity makes substantial demands on EPC contractors to develop and hand over assets that are on time and within budget, but also cyber secure at operational start-up. Throughout the project phase, contractors must display to operators up-to-date understanding of the risk that Industrial Control Systems (ICS) could be vulnerable to cyber-attacks, and how risks can be reduced. Operators need reassurance, for example, that third-party equipment and systems that the contractor recommends will not introduce unacceptable cyber risk to their operations.
The sheer number of people – in-house and suppliers – involved in large energy infrastructure projects also raises the risk that cyber security could be compromised through their connecting laptops, pen drives, and other devices and peripherals, and installing software. Another significant threat comes through not always using the latest version of cyber security software.