Three Workers at Central Control Room in Knapsack, Germany.
As an international energy business working with large and complex technology, we are exposed to a variety of security risks. We continuously work to reduce these risks to keep our people, assets, and operations secure.
A systematic approach to risk reduction
For us, security relates to three main areas:
- physical security
- personnel security
- cyber security (encompassing information-and IT security)
As the world becomes ever more connected, protecting these areas can be challenging. We have a systematic approach to assessing risk, through analysing threats, vulnerabilities, and consequences. Having assessed the risks, we take steps to reduce them wherever possible.
An area of growing concern is cyber security and according to the Norwegian National Cyber Security Center, digital attacks against the power sector, and other critical services, may have dire consequences.
Failure in our security management could potentially lead to injury, loss of life, damage to our installations, financial damage and loss of information. Our ability to keep our people, assets and operations secure from threats is therefore central to the functioning of our business.
Statkraft’s capability to handle serious and unwanted emergency events is a constant priority. Our emergency response is based on the use of dedicated and temporary teams. This approach aims to enable Statkraft to simultaneously handle emergencies at local, regional/national and strategic levels. Statkraft is also working with other companies, non-governmental organisations, local law enforcement and fire departments to ensure the best possible preparedness for handling emergencies.
Our focus areas
To reduce the security risks we face, we focus our efforts on improving our processes and capabilities for security management and improving the awareness and behaviour of our employees. Our security approach is constantly co-evolving to keep pace with new types of threats as they emerge, as well as changes in national security regulations where we operate.
We secure our buildings, plants and infrastructure against unauthorised access to protect against external threats and vandalism, but also to protect the communities surrounding our installations. Our emergency preparedness plans are designed to handle emergencies in a structured and systematic manner and we conduct regular drills across our business units, country offices and power plants.
The insider threat is often cited as a serious challenge to both private and public enterprises. Part of managing this risk is to integrate security procedures and practices within the entire employment lifecycle from recruitment through to eventual termination.
Cyber and information security
Our information is a valuable asset, owned by the different organisational units throughout the company. We use awareness campaigns and training to create a strong information security culture, highlighting threats including phishing emails and phone scams.
Cyber attacks are generally increasing both in quantity and sophistication. We continuously work to improve our operational abilities to protect, detect, and handle events in the cyber domain. Our cyber security team manages cyber incidents and map critical assets across our extended enterprise.