The energy sector under attack: cybersecurity challenges

Cybersecurity has become a strategic priority for the protection of data centers and critical infrastructure. These assets, which support essential services for society and the economy, are a preferred target for cyber attackers due to the potential impact that an interruption or security breach can have on their facilities. The combination of accelerated digitalization, convergence between information technologies (IT) and operational technologies (OT), and the incorporation of new models such as smart grids or distributed energy has significantly expanded the attack surface. In this context, cybersecurity stops being a support element and becomes a critical factor in business continuity.

Although the threats are similar to those in other sectors, their potential impact is much greater. “The difference is not so much in the type of attack as in the consequences it can have,” explains Javier Aguilera, general director of Ikusi Spain, recalling that an intrusion can affect the energy supply or the physical security of the facilities.

Resilience depends on the ability to anticipate, protect and respond effectively

One of the biggest risks lies in OT environments. Doris Seedorf, CEO of Softtek Spain, emphasizes that “the most severe threats come from the vulnerability of legacy industrial systems, supply chain dependence and hyperconnectivity derived from the energy transition.” Many of these systems were not designed to operate connected, which makes them especially fragile against modern attacks.

The most common attacks are not always the most visible

In everyday life, the most common attacks are not always the most visible. According to Pedro Jorge Viana, Head of Presales at Kaspersky Iberia, “The most common are malicious scripts that enter through emails or compromised websites, followed by spyware, which can spend months hidden collecting operational data without raising suspicions.” Added to this is phishing, which acts as a gateway to more sophisticated attacks. Ransomware, although less frequent, is the one that generates the greatest impact. “When it gets in, the damage is enormous,” Viana warns, especially when combined with unauthorized remote access to SCADA or PLC systems and denial-of-service attacks that disrupt operation.

This trend is exacerbated by new tactics. Manel Picalló, Consulting System Engineer at NetApp in Spain and Portugal, notes that “criminals are beginning to use AI to amplify their attacks and apply double extortion techniques, combining data theft and encryption.”

Protection technologies

Given this scenario, the protection of energy infrastructure requires a comprehensive approach. Asset visibility is the first step. “You can’t protect what you don’t know,” insists Ángel Serrano, Senior Manager at Palo Alto Networks, who defends the need to inventory all IT and OT assets and know their vulnerabilities. The Zero Trust model is consolidated as a central axis. “Not assuming any access as safe and applying a multi-layer defense is essential to limit the scope of an attack,” says Picalló. This philosophy translates into strict segmentation between IT and OT, remote access control, multi-factor authentication and least privilege.

In addition, it is essential to have detection and response capabilities adapted to the industrial environment. Aguilera highlights the importance of “a specialized SOC, with professionals who understand industrial processes and can act quickly without interfering in the operation.”

Artificial intelligence is also beginning to play a relevant role. Seedorf highlights the value of “intelligent agents capable of detecting anomalies in real time and acting under auditable rules”, always accompanied by solid governance of the data and the AI ​​models themselves.

The consensus among experts is clear: Ransomware remains the attack with the greatest impact. “It has entered a very aggressive phase, where not only data is encrypted, but critical operations are interrupted to maximize the damage,” says Serrano. In energy environments, this type of attack can be equated to a serious physical failure, with unplanned shutdowns, economic losses and cascading effects on other services.

The Zero Trust model is consolidated as the central axis of cybersecurity

The future poses complex challenges. The coexistence between legacy systems from decades ago and new technologies such as smart grids, edge computing or advanced AI creates an environment that is difficult to secure. “That mix of new and old is a tinderbox,” summarizes Viana, especially when it is not feasible to stop a plant to update systems. Added to this is supply chain security, identified by Serrano and Seedorf as one of the preferred attack vectors, and the shortage of specialized talent. “There is a lack of hybrid profiles that understand energy, data and cybersecurity,” which forces reskilling to accelerate.

Cybersecurity must be a priority and resilience will depend on the ability to anticipate, protect and respond effectively.