How to manage cybersecurity risks in the energy sector?

Inconsistent cybersecurity practices in organisations pose a threat to the energy sector. A new handbook from the University of Vaasa offers a structured, user-friendly resource to enhance cybersecurity resilience in the energy sector.

– As digitalisation accelerates, the energy sector faces more and more exposure to cyber threats, making human factors a critical point of intervention. By offering a structured and accessible resource, we aim to support a more resilient and sustainable energy landscape, says Petra Berg, one of the authors.

The handbook combines the expertise of researchers from the University of Vaasa: Petra Berg, Bahaa Eltahawy, Mazaher Karimi, Linda Turtola and Mansi Negi. It is one of the achievements of the REDISET - Resilient Digital Sustainable Energy Transition project, a collaborative project investigating digital energy security and resilience in future energy systems in the Nordics. Even though the focus is on the Nordics, the findings of the book are applicable to similar energy systems elsewhere.

Researchers also produced a podcast in the REDISET project. In the photo: Bahaa Eltahawy, Linda Turtola, Petra Berg and Mazaher Karimi.

According to the authors, a major challenge in cybersecurity resilience is the variation in organisational cybersecurity culture, skill levels, and training, leading to inconsistent security practices. Over-reliance on regulations and resistance to complex security protocols further expose critical systems to threats.

One of the handbook’s key contributions is its emphasis on socio-cyber-physical risk management. It encourages organisations to move beyond compliance-driven approaches and adopt proactive, user-friendly strategies that integrate human behaviour into cybersecurity planning. By focusing on education, awareness, cooperation, and strategic investments, alongside the adoption of regulatory frameworks, the energy sector can significantly improve its cyber resilience.

The newly published handbook provides a comprehensive toolkit for policymakers, energy companies, and cybersecurity professionals. It compiles scattered information into a concise, user-friendly manual that presents cybersecurity guidelines in an accessible and engaging format. It helps readers understand the roles and needs of different actors in modern electricity-based digital energy systems, and gives suggestions on how to reduce the threats involved. It also offers a detailed, practical checklist for assessing cybersecurity awareness and practices within organisations.

The manual is funded by Business Finland, NordGrid Energy Research, and the Swedish Energy Agency.

The book is freely available online.

The REDISET team from the University of Vaasa, KTH and the Norwegian Defence Research Establishment (FFI) met in Oslo in 2023. In the photo: Mazaher Karimi, Bahaa Eltahawy, Linda Turtola, Qianwen Xu (KTH), Sonja Berlijn (KTH), Petra Berg and Karina Barnhold Klepper (FFI).

Source: Turtola, Berg, Negi, Eltahawy, Karimi, Barnholt-Klepper, Berljin 2025: Manual for conducting reality checks on human cyber security vulnerabilities in the Nordic electricity based digitalized energy system. University of Vaasa Reports 54. https://urn.fi/URN:ISBN:978-952-395-195-2
