Vestas Wind Systems, a Danish manufacturer, seller, installer, and servicer of wind turbines, was a victim of a cybersecurity incident and had to shut down its systems across various locations to contain the spread of the attack.
Vestas, a popular name in the sustainable energy solutions industry, has over 25,000 employees across multiple locations. In a brief media release, the company shared that on November 19, 2021, it had been impacted by a cybersecurity incident and had to shut down its IT systems across multiple business units and locations to contain the spread of the attack. After a preliminary finding, Vestas updated that the incident had impacted its internal IT infrastructure and that data had been compromised.
Vestas stated, “There is no indication that the incident has impacted third-party operations, including customer and supply chain operations. Vestas’ manufacturing, construction and service teams have been able to continue operations, although several operational IT systems have been shut down as a precaution. Vestas has already initiated a gradual and controlled reopening of all IT systems.”
The world’s largest maker of wind turbines hit by cyber attack, shutting down IT systems in a bid to contain the incident. https://t.co/OMAOGpQcWM
— IT Governance Europe (@ITGovernanceEU) November 22, 2021
The company has yet to share the type or nature of the attack, the extent of the compromised data, and whether the lost data poses any threat.
“We are working together with our internal and external partners to contain the issue fully and recover our systems,” Vestas said.
Attacks on essential services and critical infrastructure continue to make news. The Colonial Pipeline attack is a recurring reference point for the severity of cyberattacks on critical infrastructure. Regulatory bodies and policymakers have time and again issued alerts to create awareness and to push for robust security policies that better protect critical digital infrastructure globally. A few months ago, the U.S. House Committee on Homeland Security passed seven bipartisan security bills to bolster defense capabilities, enhance pipeline security, and defend against supply-chain attacks targeting U.S. organizations and critical infrastructure.
Stan Mierzwa, M.S., CISSP, Director and Lecturer, Center for Cybersecurity, Kean University, said, “With the international attacks on electrical power infrastructure, the threat actor motives could be a timely opportunity for those with accountability in this critical sector to review their Information Governance (IG) programs. Like other such efforts that partake in steps of continuous improvements, an IG driver should not be considered static, but more of living energy. To many, the idea of an IG program may seem vague – so as a brief reminder, IG programs include the ways an organization maintains its security, works to comply with regulations and laws in the respective industry, and maintains ethical standards (Smallwood, R. F. 2020).”