Cybersecurity for Energy & Utilities
Energy is Critical National Infrastructure, and it is under attack. Colonial Pipeline was shut down by ransomware. Ukraine's grid was switched off by nation-state malware. The UK NIS Regulations, the NCSC Cyber Assessment Framework, and Ofgem now set binding expectations for operators of essential services. Here is what grid, generation, gas, and water operators need to stay compliant and protected.
Start Here
NIS Regulations 2018
NIS penalties reach up to GBP 17 million for serious cyber failures
The NCSC Cyber Assessment Framework (CAF) for the Energy Sector
The CAF assesses 14 principles across 4 objectives for every energy OES
Ofgem Cyber Security Requirements for Energy Operators
Ofgem is the NIS competent authority for downstream gas and electricity
Ransomware Targeting Energy and Utilities
Colonial Pipeline shut a 5,500-mile fuel pipeline after a single IT ransomware infection
Nation-State Threats to the Power Grid
CISA warned in 2023-2024 that Volt Typhoon had pre-positioned inside US power and water CNI
Industroyer and CrashOverride
Industroyer caused a 2016 Kyiv blackout; Industroyer2 was deployed against the grid again in 2022
Browse by Topic
Protect your operations
Kyanite Blue works with grid, generation, gas, and water operators, building security programmes that satisfy the NIS Regulations and the NCSC Cyber Assessment Framework while defending the OT and IT systems energy depends on.
Book a discovery call