Edition: International | Greek
MENU

Home » Analyses

Evolution of cybersecurity in the utility industry

The utility industry is undergoing a massive transformation. Everything from the digitalization of critical infrastructure to the relationship between utilities and their customers is in transition

By: EBR - Posted: Friday, May 22, 2020

«Over the years, we’ve seen utilities being targeted either for criminal purposes or other nefarious reasons with ever-increasing maturity and an increasing ability to exploit OT systems. The increase in cyber-threats to utilities has grown as attackers and adversaries have become more familiar with the technology that we use.»
«Over the years, we’ve seen utilities being targeted either for criminal purposes or other nefarious reasons with ever-increasing maturity and an increasing ability to exploit OT systems. The increase in cyber-threats to utilities has grown as attackers and adversaries have become more familiar with the technology that we use.»

by Andrew Gumbiner*

-The utility sector is being transformed - and this process has opened the industry up to a new range of cyber-threats.
-Attacks will continue to escalate in frequency and complexity.
-Here, two industry experts give their views on this new paradigm - and what the sector can do to protect itself and its customers.

The utility industry is undergoing a massive transformation. Everything from the digitalization of critical infrastructure to the relationship between utilities and their customers is in transition. In the past decade, sophisticated organizations have seized on the promise of data from information technology (IT) to optimize operational technology (OT), including legacy power-generation assets, digitally native energy sources and distribution systems. While the push to increase connectivity has helped the utility industry achieve greater efficiency, reduce emissions, and deliver reliable and affordable power to customers, it has also exposed weaknesses in its cyber defenses.

Cyberattacks now threaten the core value proposition for energy companies. Digital OT makes an attractive target for a host of actors whose objectives range from financial gain to sheer disruption - and today, a cyber arms-race is the new normal for utilities and their suppliers. As digital technologies spread through and add value to energy infrastructure, attacks will continue to escalate in frequency and sophistication.

To explore the cyber challenges and opportunities facing the utility industry, Leo Simonovich, Vice President and Global Head of Industrial Cyber and Digital Security at Siemens Energy, and Phil Tonkin, the Principal Security Engineer and Global Head of Cybersecurity Engineering for Operational Technology at National Grid, share their perspectives on the state of the industry.

Phil, how do you view the evolution of cyber-threats to this industry, and what are you seeing on the ground at National Grid today?

Phil: Over the years, we’ve seen utilities being targeted either for criminal purposes or other nefarious reasons with ever-increasing maturity and an increasing ability to exploit OT systems. The increase in cyber-threats to utilities has grown as attackers and adversaries have become more familiar with the technology that we use. Previously, only cybersecurity professionals working at a utility understood the end products and protocols that were vulnerable to attacks, but now we are moving towards a set of threats which are executed by very talented adversaries who are capable of specifically targeting the industrial sector.

A key reason for this change is that for a long time cybersecurity for the energy sector has been built around the need to improve efficiency by increasing connectivity within organizations. As a consequence, security for utilities was constructed in a way to ensure resilient operations within a very trusted environment. However, as utilities have increasingly adopted digital technologies to improve efficiency and create system-level solutions to balance the grid, companies have unknowingly created new cyber-threats which became very appealing to malicious actors. We’ve seen real movement towards attackers targeting industrial organizations with social or critical infrastructure responsibilities, like us in the energy sector, and also all those in manufacturing, critical healthcare or municipal functions.

Leo, how does Siemens view the cyber-threat to industry?

Leo: At Siemens, we are seeing similar trends. The number of attacks has gone up exponentially, and the sophistication of those attacks is increasing as well. What’s more, these threats are increasingly targeted towards the industrial sector, and in particular towards energy production. The impact of those attacks is what’s really worsened because an attack against the OT environment can result in a shut down - or worse, a safety event.

These attacks are coming increasingly from the convergence of physical and digital worlds. The notion that someone is safe because they’re air-gapped, I think, is largely gone because a significant share of attacks now come from within the plant. Either the attacks are from the office environment into the OT environment – such as a phishing scam – or they are brought in by an intelligent insider carrying malware into the plant environment. This has created a new threat landscape that utilities and operators, as well as OEMs like us, must urgently address. Going forward, solving this problem will require strong partnerships between utilities, like National Grid, and companies like ours that have a long legacy in both manufacturing OT and securing the IT systems that are essential in today’s digital environment.

*Consultant, Siemens
**first published in: www.weforum.org

READ ALSO

EU Actually

EU – China Summit : Merkel – Von der Leyen – Michel vs Xi

N. Peter KramerBy: N. Peter Kramer

September 14. While the initial summit lost its official in-person character due to the COVID-19 pandemic, the 3 EU leaders and the Chinese leader attended a virtual meeting via videoconference

View 01/2020 2020 Digital edition

Magazine

Current Issue

01/2020 2020

View past issues
Subscribe
Advertise
Digital edition

Europe

SURE: financial support to help protect jobs and workers affected by the pandemic

SURE: financial support to help protect jobs and workers affected by the pandemic

The Commission welcomes the activation of the SURE instrument, which will provide up to €100 billion in financial support to help protect jobs and workers affected by the coronavirus pandemic.

Business

3 questions for leaders using tech to make the world a better place

3 questions for leaders using tech to make the world a better place

We’re currently tackling the biggest global public health crisis in a century. We will need to act decisively and rapidly if we are to address this crisis head on and rebuild and reconfigure our economies and societies for a prosperous, inclusive and sustainable future

MARKET INDICES

Powered by Investing.com
All contents © Copyright EMG Strategic Consulting Ltd. 1997-2020. All Rights Reserved   |   Home Page  |   Disclaimer  |   Website by Theratron