As the Middle East accelerates its digital transformation, energy and utilities companies are facing a dual challenge: They must embrace innovation to become more efficient, while also defending against cyber threats that are growing in sophistication and frequency.
“Cyberattacks on critical infrastructure are not a question of if, but when,” says Senkron Digital MD Ali Inal, who urges energy, utilities and other critical sectors to implement proactive defenses that are smarter, faster, and more agile than the threats they face.
The numbers underline the urgency, he tells Utilities Middle East, citing the UAE Cybersecurity Council, which estimates more than 200 000 attacks occur daily. Critical infrastructure (such as power grids, water networks, LNG terminals) are prime targets.
A breach isn’t just stolen data; it can disrupt electricity, halt water supply, compromise public safety, and ripple through national supply chains.
Part of the challenge comes from how digitalisation is changing the threat landscape, Inal explains, adding that while IT and operational technology (OT) systems were once separate, they have become deeply connected with advancing industrial IoT and automation.
“A single phishing email or cloud hack can become a gateway into operational systems, potentially shutting down power plants or LNG operations. OT security is no longer just an engineering issue; it’s a board-level concern,” Inal states.
Recent attacks illustrate the stakes. For example, in August 2024, the RansomHub group breached Halliburton’s systems in the UAE, and saw IT shutdowns and customer disconnections causing estimated losses of $35 million and showed how quickly operational disruption can cascade through supply chains.
However, Inal notes that vulnerabilities vary – Which means that while some plants rely on decades-old OT equipment that wasn’t built with cybersecurity in mind, others face new risks from AI, cloud platforms, and digital connectivity.
Human error (think weak passwords, phishing, or accidental clicks) also remains a constant risk. Inal stresses that companies need a mix of technology, processes, and frameworks like IEC 62443, NIS2, or NIST to stay ahead.
Considering this, Inal says utilities and energy operators need layered defenses, constant monitoring, and segmentation to stop attacks from spreading. Contingency planning through implementing backup systems, tested incident-response protocols, and crisis drills, is critical.
“Cybersecurity measures must be bespoke and tailored not only to their field, but to their specific operational reality,” Inal says.
However, cybersecurity and efficiency are not at odds, Inal adds, stating that “a breach is far costlier than preventative investment” and that “leaders should prioritise risk-based investment, starting with systems where disruption would be most damaging”.
Embedding cybersecurity into digital transformation projects therefore ensures innovation and resilience grow together.
Looking ahead, Inal points to three priorities: First, treat frameworks like IEC 62443 and NIST as strategic tools, not just compliance checklists. Second, invest in people as well as technology, making sure executives and operators are trained, not just IT teams. Third, use AI and digital tools responsibly.
“While attackers exploit these technologies, they can also be used to defend systems more effectively,” he says, emphasising that “collaboration is key” in having utilities, regulators, and cybersecurity bodies in the region work together to strengthen defenses.
“The future belongs to those who invest not only in new technology, but also in the people who protect it,” Inal concludes.
- Simone Liedtke