How do we strengthen cybersecurity in Sweden's digital systems?

Filip Enander, Head of Cybersecurity and Resilience at AFRY, shares his thoughts on why these factors are becoming critical for the energy infrastructure of the future.

Cybersecurity is more important than ever

The global ener sector faces major changes and challenges, where security and digitalisation play a crucial role. Geopolitical instability has demonstrated the importance of protecting nations, critical infrastructure and businesses against potential threats. This has led to an increased focus on robust security measures to manage the risks that come with the changing global situation.

Digitalisation projects within industrial environments are driving development, but many older systems, so-called legacy systems, lack adequate cyber-physical security controls. This creates a vulnerability that must be addressed to ensure a safe and sustainable transition to modern digital solutions.

New legislation from the EU comes into force

In addition, new EU legislation is being introduced, such as NIS2, which places higher demands on both operators and their suppliers. To meet these requirements, companies will need to strengthen their security measures, improve cooperation with suppliers and adapt to an increasingly complex regulatory environment.

The threat landscape within energy infrastructure

The digitalisation of the energy sector has created a complex landscape with increased interdependence between different systems. At the same time, cyberattacks are becoming increasingly sophisticated and targeted. Energy facilities are particularly vulnerable due to the transition from isolated systems to interconnected environments. For example, remote access and outdated systems represent potential entry points for attackers.

In the war against Ukraine, we have seen several examples of targeted attacks against energy infrastructure. The aim is often to weaken the resilience of the civilian population, as many community-building activities are directly dependent on energy to function. This makes energy infrastructure a critical resource with great protective value for both citizens and society as a whole.

Why cyber resilience is a burning issue

The increased threat landscape and increasingly stringent regulatory requirements make cybersecurity and resilience a highly topical issue. As the green transition gathers pace, industry's energy needs are increasing, and large investments are being made in the energy sector, with both new projects and expansions taking shape.

At the same time, we are facing a time of greatly increasing cyber threats, where the risk of attacks on critical systems threatens both energy supply and community functions. If we do not take the opportunity to strengthen resilience against these threats, there is a risk that the green transition will be hampered. So, how do we meet the growing energy needs from more industries and at the same time ensure that the systems can cope with cyber threats and other disruptions?

How we strengthen energy infrastructure

The solution lies in acting now, investing in secure and sustainable infrastructure and building a robust foundation for the energy supply of the future. Security and resilience must be integrated from the start - it should be a natural part of design and planning, not something that is added afterwards. Meeting today's challenges requires a holistic approach to organisation, physical protection and technical solutions where dependencies on external systems, suppliers and operations are managed in a well-thought-out manner.

However, the complexity of energy systems and a constantly changing threat landscape make it impossible to take comprehensive protection measures. Therefore, it is crucial to work with other aspects to strengthen resilience - such as redundancy and effective incident management, so that recovery can take place as quickly as possible.

At AFRY, we work with all these perspectives. Cybersecurity is not an isolated skill, but requires a combination of expertise to create secure and robust solutions. Our dedicated security organisation with over 100 consultants works with information and cybersecurity throughout the value chain - from strategy to implementation. We often work in parallel with both technical solutions and organisational issues to ensure effective and sustainable results.

Why AFRY?

We offer expertise in security protection and information security as well as design, development and implementation of secure IT and OT systems. With our broad expertise, we are a reliable partner that supports our customers throughout the process, whether it is strategic planning, technical development or practical implementation.

Our goal is to ensure that our customers can protect their most critical assets and maintain a high level of security in an increasingly complex and threatening digital world.

Together, we find solutions that are both sustainable and adapted to the unique needs of the business.