Data management

DNV Takes on Cybersecurity Firm To Defend Energy Sector Against Escalating Threats

Company says the acquisition of Applied Risk will allow it to safeguard critical infrastructure in the renewables, power grid, and oil and gas sectors.

Data Security Concept
Source: BlackJack3D/Getty Images

DNV, the independent assurance and risk management provider, will acquire industrial cybersecurity specialist Applied Risk. The two companies will join forces to build the world’s largest industrial cybersecurity practice, defending critical infrastructure in energy and other industrial sectors against emergent cyber threats.

Threats to industrial cybersecurity are becoming more common, complex, and creative. The energy sector now appears among the top three most attacked industries according to insurance firm Hiscox. Recovery from an attack can cost organizations hundreds of millions of dollars, and companies in the sector face new pressures to comply with tighter regulation.

The energy industry is under increasing pressure to bolster its cybersecurity following a series of high-profile attacks causing disruption to energy supply in recent years. These include an attack on the Colonial Pipeline company in April 2021, which led to a temporary shutdown of the largest fuel pipeline in the US and caused temporary shortages of gasoline and other petroleum products. An attack on a series of Ukraine’s power grid substations left a quarter of a million people without power in 2015 and set a precedent for the vulnerabilities facing the world’s grids.

The security of the renewables sector has also come under greater scrutiny after researchers from the University of Tulsa demonstrated how easy it can be to hack a wind farm. In 2017, the team accessed an unsupervised wind turbine and exposed several vulnerabilities that could give them full remote control of the mechanics of an entire wind farm and the potential to destroy all turbines within it. Gartner forecasts that cyber criminals will go beyond making attacks for financial gain this decade and progressively weaponize industrial control systems to cause harm to human life.

“Energy assets, equipment, and components are now at higher risk of new forms of cyberattacks, as their control systems become increasingly connected. Life, property, and the environment are at stake,” said  Remi Eriksen, group president and CEO of DNV. “DNV is investing significantly in helping our customers build a powerful force of defense. By joining forces with Applied Risk, we aim to build an industrial cybersecurity powerhouse to support governments, regulators, operators, and their supply chains in managing these emerging risks.”

Applied Risk’s experts will join forces with DNV’s cybersecurity specialists, who work with governments, corporations, and industrial operators to keep projects and operations secure. DNV provides real-world cybersecurity expertise to some of the world’s most complex infrastructure projects, helping customers identify their cyber risks, build a powerful force of defense against threats, recover from attacks, and win stakeholder trust and support.

“DNV and Applied Risk share a common vision of safeguarding critical industrial assets from the growing volume and complexity of cyberattacks,” said Jalal Bouhdada, CEO of Applied Risk. “This partnership brings together two highly respected organizations in industrial assurance and cybersecurity solutions. We will combine the strengths of Applied Risk and DNV with significant investments in security research and innovation to build and grow a cutting-edge industrial cybersecurity business that helps our customers outpace new threats posed by cyber criminals.”

Applied Risk and DNV will operate together under the DNV brand. A combined leadership team from both companies will be tasked with scaling a merged cybersecurity business with ambitions for significant growth by the end of 2025.