Protection of Vasiliko energy infrastructure
Yiannos Lakkotrypis 10:47 - 11 March 2024
In the modern era, energy infrastructure stands as the lifeblood of societies worldwide. From powering homes and businesses to fuelling essential public services, the uninterrupted flow of energy is vital for sustaining daily life and driving economic prosperity. However, this reliance on energy infrastructure also makes it a prime target for malicious actors seeking to disrupt societal functions or undermine national security, as well as a prime vulnerability from climate change consequences. Consequently, safeguarding Critical Energy Infrastructure (CEI) has become an imperative for governments, industries, and the military alike.
Critical energy infrastructure encompasses a broad spectrum of facilities and systems, including power plants, ports, cement factories, refineries, pipelines, electrical grids, and communication networks. Disruption to any of these components can have far-reaching consequences, ranging from localised power outages to widespread economic downturns and even threats to national security. The interconnected nature of these systems further amplifies the potential impact of any disruption, making them attractive targets of hybrid threats such as cyber attacks, physical sabotage, or natural disasters. Perhaps that most striking example of such criticality is the case of Cyprus, where Energy Infrastructure is concentrated in a small geographical area – the area of Vasilikos! The fact that almost half of the island’s land territory is under illegal occupation, coupled with the high dependency on tourism, Cyprus inevitably has scarce land resources for developing dispersed energy infrastructures.
Physical security is one critical aspect of protecting CEI from threats. Facilities, such as the Electricity Authority of Cyprus and other private power plants, as well as refineries, Oil and Gas storage infrastructures in the area, are vulnerable to sabotage, theft, and terrorist attacks, which can result in significant disruptions and safety hazards. Therefore, implementing stringent access controls, surveillance systems, and perimeter defences is essential to deter and detect unauthorised intrusions. Furthermore, contingency plans and emergency response protocols should be established to mitigate the impact of any security breaches and / or accidents and ensure the swift restoration of services.
In addition to man-made threats, natural disasters pose significant challenges to the resilience of CEIs. Climate change has increased the risk of accidents in Vasilikos operations since many technological incidents such as oil spills, fires and explosions can be the result of of climate change complemented by human negligence. Events such as hurricanes, earthquakes, and wildfires can cause widespread damage to energy facilities, disrupting operations and compromising safety. The Mari explosion in July 2011, the threatening fires at Vasiliko of July 2017 and January 2022, the several oil spill incidents, as well as marine accidents that took place in that area, provide a proof that the above-mentioned threats are more than real. Therefore, proactive measures, such as structural hardening, redundant systems, and disaster recovery plans are essential to minimise downtime and mitigate the impact of natural disasters on energy infrastructure.
Another primary concern surrounding CEI is the evolving landscape of cyber threats. As technology becomes more integrated into energy systems, the risk of cyber attacks increases exponentially. Hackers, both state-sponsored and independent actors, continually probe for vulnerabilities in energy networks, seeking to exploit weaknesses for financial gain, political motives, or sheer disruption. These threats can manifest in various forms, including ransomware attacks, data breaches, and coordinated assaults on operational technology (OT) systems.
To mitigate these risks, the government through the Digital Security Authority together with all private stakeholders operating at the Vasilikos Energy Centre (VEC), must adopt a multi-faceted approach to cyber-security. This approach involves implementing robust defence mechanisms, such as firewalls, intrusion detection systems, and encryption protocols, to safeguard against external threats. Additionally, regular vulnerability assessments and penetration testing can help identify and address weaknesses in infrastructure, before they can be exploited by malicious actors. Collaboration between public and private sectors is also essential, as it enables the sharing of threat intelligence and best practices to enhance overall resilience.
Furthermore, the transition towards renewable energy sources presents both opportunities and challenges for the protection of CEI. While renewable energy technologies offer environmental benefits and reduce reliance on fossil fuels, they also introduce new vulnerabilities and complexities to energy systems. For example, distributed energy resources such as solar panels and wind turbines are susceptible to cyber attacks and can create challenges for grid stability and management. Therefore, integrating renewable energy into the existing Vasilikos infrastructure requires careful planning and investment in resilience measures to ensure the reliability and security of energy supply.
Aspects of marine traffic safety, security, and control in the wider Vasilikos seaside area, are also of fundamental importance, given the multitude and complexity of the industrial port activities, the types of vessels that are accommodated or is planned to be accommodated and the potential complexity of the marine traffic. Developing and keeping up to date vessel information and monitoring systems in the wider Vasiliko seaside area, along with developing robust emergency and event response plans are crucial in ensuring smooth and safe marine operations in the area. The Cyprus Ports Authority, envisaging the prospective congested marine traffic, is currently developing a Vessel Traffic Monitoring system in the area.
In their 2023 joint publication “Fortifying Defence – Strengthening Critical Energy Infrastructure against Hybrid Threats”, the European Defence Agency and the European Commission identify additional significant risks associated with CEI. These involve possible foreign direct investments that could potentially lead to profound state dependencies and vulnerabilities. These investments could provide access to network structure information and technologies to hostile actors. In addition, dependencies on foreign actors in CEI could lead to threads and foreign strategic blackmail on supply, etc. Fortunately, the infrastructures at Vasiliko are controlled directly or indirectly by the Republic of Cyprus.
It is thus imperative, that VEC is governed by a management body for the monitoring, management and measurement of the performance for all key stakeholders operating in the energy centre. The coordination and collaboration of all key players in the area is essential for the prevention and combating of any incident and this has to be enhanced by the creation of such governace body.
In conclusion, safeguarding the critical energy infrastructure at Vasiliko, is paramount for maintaining societal functioning, economic prosperity, and national security in Cyprus. To address the diverse and evolving threats facing energy systems, the government of Cyprus, together with the industry and security forces, must collaborate to implement comprehensive defence strategies encompassing cyber-security, physical security, health and safety and disaster resilience in the energy centre at Vasilikos. By prioritising investment in protective measures and adopting a proactive approach to risk management, Cyprus can mitigate the vulnerabilities inherent in our energy infrastructure and ensure the uninterrupted flow of energy for generations to come.
Yiannos Lakkotrypis, Managing Director – Viribus Management Services, Key Expert for the development of a Safety Management Framework in Vasilikos Energy Centre