Complexity of jurisdictions – In many cases, countries, territories and jurisdictions have different regulatory frameworks for cybersecurity. While some regulations aim for a more unified approach, such as what the Network and Information Security Directive (NIS2) attempts to do in the European Union (EU), some other areas are more locally focused, leading to diverse interpretations of regulations. This added regulatory complexity challenges organizations in this sector to comply with global or regional standards while also dealing with local requirements.
Grid stability and increased attack surface – As the energy sector becomes more interconnected globally, the attack surface for cyber threats expands. Integrating various systems and networks across borders provides more entry points for cybercriminals, challenging grid stability in an interconnected cross-border energy network.
Cyber extends over boundaries – Cyber threats do not adhere to geopolitical boundaries. A cyberattack originating in one country can easily impact critical infrastructure in another. Coordinating responses and attributing attacks in this environment is complicated.
Legal restrictions in information sharing – While collaboration and information sharing are crucial for effective cybersecurity, regulatory, legal, political and competitive concerns around sharing sensitive information across borders can hinder effective threat intelligence sharing.
Ongoing politicization of business – The energy and natural resources sector is prone to the entanglement of business/economic activities with political interests, agendas and influences. Geopolitical tensions often result in increased cyber threats, especially targeting critical infrastructures. As a critical infrastructure sector, energy is a prime target for rogue and state-sponsored cyberattacks, with potential consequences for both the supply chain and end consumers.