VDI-EE 4603 Blatt 3:2025-05

The security of information technology systems is increasingly becoming a focus for operators of plants and grids in the energy industry. Key factors here are, on the one hand, the increasing digitalization of energy systems and the processes in the energy industry and, on the other hand, the growing frequency of attacks on information systems. In traditional IT environments, many companies are increasingly taking cybersecurity measures into account. In contrast, cybersecurity was not an issue in plant networks for a long time. In some cases, plant components cannot be updated easily, and many frequently used transmission protocols are not encrypted. This increases the risks to the resilience of energy systems. The latest cyber attacks were directed at both operators and suppliers of energy technology systems, as well as IT service providers and IT system houses. This expert recommendation is intended to provide guidance on how to improve the level of cyber security maturity for relevant aspects. Of course, not every case can be covered in this expert recommendation, but even a step-by-step improvement in cyber security will reduce the threat. Furthermore, dealing with the topic of cyber security fundamentally increases general awareness and thus already leads to an improvement in the situation.

03.100.70, 27.010