On 20 January, the Government Plenipotentiary for Cybersecurity issued recommendations regarding ensuring an adequate cybersecurity level of renewable energy sources (RES) in Poland. In this sector, installations are very dispersed, and their operation is monitored and controlled using various devices that are often exposed to cyber threats.

Part of the manufacturers are subject to significant requirements under the National Cybersecurity System Act. However, most of them are not subject to these regulations. These manufacturers should at least consider the recommendations of the Government Plenipotentiary.

The recommendations can be divided into two groups. The first group covers specific technical solutions, for example, regarding remote access to the facility, the use of user accounts (no sharing), passwords, backups, and multi-factor authentication. The second one consists of organizational requirements, including the recommendation to inventory equipment, appoint a person responsible for the cybersecurity of the installation, and maintain constant contact with entities of the national cybersecurity system.

Typical conditions for concessions to operate in the field of electricity generation include the obligation to ensure a proper equipment operation on a continuous and reliable basis, taking into account a reasonable level of costs. Thus, most of the above recommendations appear to be basic obligations for concessionaires in the renewable energy sector.

In addition, investing in cybersecurity protects against losses, downtime, and damage to reputation.