There have been a spate of cyber attacks on critical infrastructure across the globe this year. Australia, Germany, Ukraine and the US have all variously seen energy, industry and state owned utilities and services attacked by ransomware.

Power infrastructure is particularly vulnerable because it is typically operated using legacy technology that is not designed to be connected to the internet. However, efficiencies can be achieved by bolting on internet connected systems and devices - resulting in the Internet of Energy. But vulnerabilities within the legacy technology are not easily fixed, which can leave now-connected systems exposed to attack.

In the UK, energy providers are essential service for the purposes of NIS (the Network and Information Systems Regulations 2018) . As such a provider will have to have in place appropriate technical and organisational measures to protect against risks to their systems. How a provider balances ageing infrastructure, progressive technology, demanding legislation and ever-evolving cyber threats makes for significant challenges. Ransoms generally appear to increasing - and, unfortunately, the difficulties faced by energy companies may mean they continue to be attractive targets.