To support a world that runs entirely on reliable and secure green energy, we need to both invest in solutions and protect the energy infrastructure that makes the transition possible.
Why do we need a reliable renewable energy infrastructure?
It’s crucial that we build smart, secure, integrated energy systems that are based on diverse renewable energy sources and can ensure a stable supply. And it’s possible if we combine wind and solar PV with, for example, biogas and biomass, and co-locate it with Power-to-X (P2X) solutions.
Doing this allows us to facilitate synergies between P2X and the existing energy system to produce renewable hydrogen and green fuels, which are critically needed to decarbonise hard-to-electrify sectors, such as heavy industry and mobility.
As our energy systems become more diversified and digitalised, it’s also vital that we protect them from cybercrime. As an operator of vital infrastructure, we have a core responsibility to protect our systems and operations against security breaches to ensure a reliable and stable delivery of power to the grid.
We must also design our assets in ways that make them resilient against cyberattacks and able to withstand projected climate hazards.
What are we doing?
- We strive to bring in best practices from the main industries we engage with, from the IT inspired environments to production environments where highly reliable solutions are essential. We use an information security management system (ISMS) to manage security and deal with cyber risks. This is based on a combination of recognised international standards to be able to leverage best industry practices, easing our cooperation with our partners and suppliers. It also brings benefits for developers, operators, and the supply chain along the verticals of IT and OT disciplines.
- We continuously work to incorporate our renewable energy production into the power system in reliable, secure, stable, and cost-effective ways.
- We explore opportunities for co-locating production and consumption assets to allow for the smartest possible operation, and to exploit synergies within the energy system.
- We keep our infrastructure and business safe and resilient by enhancing our cyber defences against critical infrastructure breaches, and we govern cyber regulations to safeguard data and privacy.
- We ensure the security of corporate information and critical infrastructure in close collaboration with our business partners, embedding a security mindset across our organisation.
- We assess and document our assets’ resilience towards cyber-attacks and climate hazards, confirming that they’re resilient and able to withstand projected climate changes during their expected lifetime.
- We assess and document our assets’ resilience towards climate hazards, confirming that they’re resilient and able to withstand projected climate changes during their expected lifetime.
Latest updates from 2022
- To support the development of smart, integrated, and reliable energy systems, we focused on exploiting synergies within the energy system in the development of renewable wind, solar, and P2X projects. Examples of this include our partnership with Liquid Wind to build a large-scale e-methanol project in Sweden, and signing a letter of intent with Skovgaard Energy to jointly develop a P2X facility in Idomlund, Denmark.
- We also took several measures to safeguard our operations. These included enhancing our 24/7 detection and process automation capabilities, establishing a standardised and scalable approach on managing security through a company-wide information security management system (ISMS), strengthening cyber risk mitigation, and pushing our information and cybersecurity awareness culture forward.
What’s next?
We’ll continue to take an active role in supporting the development and scaling of a smart, secure, and integrated energy system.
To further protect and safeguard our assets, we’ll continue to monitor and assess current and emerging cybersecurity threats and ways to adapt and respond. We’ll deliver business resilience through well-architected software development and ensure operational stability and compliance. We’ll also continue to improve business continuity capabilities supported by the cyber resilience to strengthen Ørsted’s ability to provide reliable green energy.
Key information
Partnerships
- World Economic Forum (WEF) – collaboration to support the WEF’s vision to ensure cyber resilience in the electricity ecosystem. This is done by making cyber resilience a component of our organisational strategy and adopting the seven industry-specific principles to advance systemic cyber resilience.
- UK Cyber Security Task Group (E3CC) – member of a sub-group of the UK government's Energy Emergencies Executive to receive updates on cyber threats and incident information and to liaise on the management of cyber security issues in UK energy networks.
- Danish Energy Agency (Energistyrelsen) and the Danish Energy TSO (Energinet) – we work closely together with Danish authorities on contingency planning, obligations in relation to response planning and management, and risk and vulnerability assessments.
- Electricity Information Sharing and Analysis Center (E-ISAC) and the European Energy Electricity Information Sharing and Analysis Center (EE-ISAC) – to gain insights and guidance on how to safeguard our operations and mitigate threats to the grid.
- NREL Wind Turbine Consortium – a US government funded research entity under the Department of Energy, where we, together with other wind turbine vendors and developers, have established a confidential NDA-controlled safe space for sharing challenges, common solutions, and best practices on cyber resilience.
- Polish Naval Academy of the Heroes of Westerplatte – collaboration to provide strategic direction for cybersecurity in the EU region. The outcome and vision enrich Ørsted’s risk management process to efficiently reduce risks by standardisation with long-term sustainable principles and blueprints in EU based projects.
International frameworks
- International standards, incl. NIST, ISO 27001 & 27002, and IEC 62443
- Regulatory requirements in the countries where we operate, including EU NIS and NERC CIP
- Task Force on Climate-Related Financial Disclosures (TCFD)
Governance
Accountability for cybersecurity lies with our Chief Financial Officer. Accountability for P2X lies with our Head of P2X.
This programme contributes towards the following Sustainable Development Goals:
