Nordex Issues Statement Following Cyber Attack, Expert Reaction
ByISBuzz Staff Editorial Team , Information Security Buzz | Apr 15, 2022 06:16 am PST
It has been reported that German wind turbine manufacturer, Nordex Group, was hit by a cyber-attack on 31 March 2022, with an update issued by the firm this week. The cyber-attack was detected by IT security team at an early stage, according to Nordex, and response measures were taken quickly.
We’re seeing green energy providers become an increasingly common target for cybercriminals. Last year, we also saw the world’s largest manufacturer of wind turbines hit with a similar attack.
It’s not difficult to understand the mindset behind the attacks. Green energy is fast on the way to becoming critical infrastructure, so any attack has the potential to cause widespread disruption and draw plenty of media coverage. And, for many cybercriminals, this heady combination of the destruction and limelight is too tempting to miss.
We have seen organisations in this sector increase the level of confidence they have in their cyber resilience by upping their level of maturity in a number of the NIS requirements they have to meet as a critical infrastructure provider. Commonly, the first step in this process to increase certainty, has been to align with risk management frameworks best practise and begin with an up to date review of all the different assets that comprise a wind park and then contrast this with current risk assessments addressing any gaps this new insight brings with the actual assets that comprise the critical service. It is this \”back to basics\” approach that is helping to build stronger controls.
We’re seeing green energy providers become an increasingly common target for cybercriminals. Last year, we also saw the world’s largest manufacturer of wind turbines hit with a similar attack.
It’s not difficult to understand the mindset behind the attacks. Green energy is fast on the way to becoming critical infrastructure, so any attack has the potential to cause widespread disruption and draw plenty of media coverage. And, for many cybercriminals, this heady combination of the destruction and limelight is too tempting to miss.
We have seen organisations in this sector increase the level of confidence they have in their cyber resilience by upping their level of maturity in a number of the NIS requirements they have to meet as a critical infrastructure provider. Commonly, the first step in this process to increase certainty, has been to align with risk management frameworks best practise and begin with an up to date review of all the different assets that comprise a wind park and then contrast this with current risk assessments addressing any gaps this new insight brings with the actual assets that comprise the critical service. It is this \”back to basics\” approach that is helping to build stronger controls.