By From Reactive Measures to Proactive Strategies
The energy sector’s digital transformation has brought about unprecedented efficiencies and capabilities. However, this evolution has also introduced complex cybersecurity challenges. Recent incidents such as the investigation into a potential cyberattack contributing to Spain and Portugal’s massive blackout in April 2025, underscore the sector’s vulnerability and critical importance of a robust cybersecurity framework. While initial investigations ruled out cyberattacks on power generation control centers, the possibility of cyber interference at other levels remains under scrutiny.1
Cyber threats in the energy sector are not just rising; they’re accelerating at a pace that is forcing the industry to reevaluate its digital resilience strategies. In the UK alone, reported cyberattacks on utility companies surged by 586% between 2022 and 2023, a spike largely attributed to escalating geopolitical tensions and increasingly complex digital infrastructure2.
In response, 94% of energy firms globally have adopted or plan to adopt AI-powered cybersecurity tools to improve threat detection, automate response protocols and reduce manual workload. However, only 29% of energy companies report high confidence in their ability to detect and respond effectively to attacks on operational technology environments, even though 71% have confirmed plans to increase their cybersecurity budgets in 20253.
This disconnect between investment and impact suggests that while cybersecurity has become a strategic focus, its execution, particularly across legacy infrastructure and complex OT layers remains a critical bottleneck.
Strengthening Infrastructure through Strategic Implementation
The widespread push toward zero-trust architecture, AI-enabled detection, and compliance with mandates such as the NIS2 Directive (Network and Information Security 2 – European Union’s updated cybersecurity legislation) has created a new baseline for utility security.
However, industry-wide efficacy still remains under scrutiny. AI is increasingly present in cybersecurity workflows yet recent data suggests that interpretability issues, alert fatigue and skills gaps are undermining operational gain in many utilities4.
Simply put, detection rolls are frequently in place but the ability to translate alerts into timely and effective action is still lagging behind.
Regulatory momentum has been building up in Europe and beyond but, practical adoption remains fragmented. The NIS2 Directive, for example, is expected to cover over 160,000 entities by 20255, yet sectorial readiness varies significantly across EU member states. For my smaller or regionally operated DSO’s, especially those navigating legacy systems, translating regulation into implementation has proven to be a demanding challenge.
Free Electrons, as a global innovation platform, plays an active role in supporting and accelerating this shift. By connecting utilities with early-and-mid-stage startups, the program not only enables the deployment of scalable cybersecurity solutions but also helps identify and address critical market gaps. These collaborations provide a launchpad for bold, impactful ideas to be tested, validated and, most importantly, deployed in real energy infrastructure settings hence contributing to move from risk acknowledgement to concrete risk mitigation.
Case Studies: Aperio and NanoLock
Across the cybersecurity landscape, a new wave of solutions is gaining traction by focusing mostly on securing operational investments through data authentication, intrusion detection and zero-trust architectures at the device level. As energy systems become more interconnected, these innovations are proving essential to protect against both internal and external threats. Within this shifting landscape, Free Electrons plays a crucial role by connecting early-stage startups with global utilities, offering a real-world testing ground to validate technologies, adapt them to complex infrastructure and accelerate adoption through strategic partnerships.
Meet the Free Electrons alumni driving real advancements in cybersecurity.
Aperio, an Israeli startup founded in January 2016, brought something entirely new to the table: a way to verify the truth behind the data flowing through critical infrastructure. With its breakthrough “machine polygraph”, Aperio enables real-time authentication of sensor-level data, helping utilities detect manipulation at the source and act with greater confidence. The solution stood out early on, earning global recognition as “most innovative in the security category” at CyberTech 20176, and signalling a shift in how cybersecurity could be embedded deep within operational systems.
Later that same year, Aperio joined Free Electrons, where it connected with global utilities exploring next-generation cybersecurity solutions. That connection sparked a strong collaboration with EDP, culminating in a $4.5 million strategic investment in the startup7. For Aperio, it marked a defining step forward in scaling its technology.
For the sector, it represented a growing recognition that cybersecurity must start at the very edge where data is first created and trust must be guaranteed.
Also in Israeli territory, NanoLock Security is making its mark by addressing cybersecurity at one of the most vulnerable points in the system: the device level. With a zero-trust solution that blocks unauthorised changes to critical system settings, NanoLock Security delivers persistent protection against both external attacks and insider threats. Its lightweight, hardware-agnostic technology is built for real-world conditions, securing even the most resource-constrained assets across the grid
In 2023, NanoLock Security joined Free Electrons, bringing its device-level protection approach to a global network of utilities seeking scalable, embedded cybersecurity solutions. The program provided a platform to showcase how NanoLock Security’s preventative technology can support grid modernisation efforts while ensuring that as utilities expand their digital footprint, core infrastructure remains secure-by design.
The Road Ahead for Cybersecurity in the Energy Sector
As digitalisation accelerates across grids, substations and connected assets, the ability to protect, verify and act on data in real time is now central to operational resilience. From device-level protection and secure data authentication to AI-enabled detection and regulatory compliance, the cybersecurity landscape is evolving fast and energy utilities are under growing pressure to keep pace.
What’s clear is that the future of secure energy infrastructure lies in embedded proactive and scalable solutions. Free Electrons continues to play a strategic role in this evolution simply by providing a platform where these ideas can be tested and deployed in real-world settings. The startups spotlighted in this blog are already helping define what the next phase of utility-grade cybersecurity looks like mostly resilient by design, responsive by default and integrated into the core of system operations.
Now in its 9th edition, Free Electrons is once again bringing together a global community of utilities and innovators working side-by-side to drive real change. As utilities and startups collaborate throughout this edition, cybersecurity remains high on the agenda with a shared priority that is shaping the near future of energy system around the world.
Learn more about cybersecurity solutions at Free Electrons
Citography:
1 Times of India Teck Desk. (2025, May 13). Spain investigating hacking link in blackout that hit daily services. The Times of India. https://timesofindia.indiatimes.com/technology/tech-news/spain-investigating-hacking-link-in-blackout-that-hit-daily-services/articleshow/121141741.cms
2 Ribeiro, A. R. (2024, July 30). Chaucer reports surge in cyber attacks on UK utilities, amid rising geopolitical tensions. Industrial Cyber. https://industrialcyber.co/utilities-energy-power-water-waste/chaucer-reports-surge-in-cyber-attacks-on-uk-utilities-amid-rising-geopolitical-tensions/
3 Energy Companies Boosting Investment in cybersecurity arms race, to manage the “greatest risk” to the industry today. DNV. (2025, January 22). https://www.dnv.com/cyber/insights/news/energy-companies-boosting-investment-in-cybersecurity-arms-race-to-manage-the-greatest-risk-to-the-industry-today/
4 Global Cybersecurity Outlook 2024. World Economic Forum. (2024, January 11). https://www.weforum.org/publications/global-cybersecurity-outlook-2024/
5 Wolfgang , W., & Langejuergen, V. (2024, December 10). NIS-2-Directive: A Milestone for Cyber Security in Europe. EFS Consulting. https://efs.consulting/en/insight/nis2/
6 Solomon, S. (2017, February 2). Aperio Systems wins cybertech startup competition | The Times of Israel. The Times of Israel. https://www.timesofisrael.com/aperio-systems-wins-cybertech-startup-competition/
7 EDP. (2018, June 6). Powering Great Ideas. https://www.edp.com/en/media/edp-stories/powering-great-ideas
Comments