Behind the firewall: a discussion on the evolution of cybersecurity in the utility industry


This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Andrew Gumbiner, Consultant, Siemens


  • The utility sector is being transformed – and this process has opened the industry up to a new range of cyber-threats.
  • Attacks will continue to escalate in frequency and complexity.
  • Here, two industry experts give their views on this new paradigm – and what the sector can do to protect itself and its customers.

The utility industry is undergoing a massive transformation. Everything from the digitalization of critical infrastructure to the relationship between utilities and their customers is in transition. In the past decade, sophisticated organizations have seized on the promise of data from information technology (IT) to optimize operational technology (OT), including legacy power-generation assets, digitally native energy sources and distribution systems. While the push to increase connectivity has helped the utility industry achieve greater efficiency, reduce emissions, and deliver reliable and affordable power to customers, it has also exposed weaknesses in its cyber defenses.

Cyberattacks now threaten the core value proposition for energy companies. Digital OT makes an attractive target for a host of actors whose objectives range from financial gain to sheer disruption – and today, a cyber arms-race is the new normal for utilities and their suppliers. As digital technologies spread through and add value to energy infrastructure, attacks will continue to escalate in frequency and sophistication.

To explore the cyber challenges and opportunities facing the utility industry, Leo Simonovich, Vice President and Global Head of Industrial Cyber and Digital Security at Siemens Energy, and Phil Tonkin, the Principal Security Engineer and Global Head of Cybersecurity Engineering for Operational Technology at National Grid, share their perspectives on the state of the industry.

What is the World Economic Forum doing about making our electricity ecosystem cyber resilient?

Cyber resilience is a challenge for organizations globally, but particularly for the electricity industry. Power systems are among the most complex and critical of all infrastructures and act as the backbone of economic activity.

The unprecedented pace of technological change driven by the Fourth Industrial Revolution means that our systems of health, transport, communication, production and distribution will demand rapidly increasing energy resources to support global digitalization and advancement of interconnected devices.

Our Platforms for Shaping the Future of Cybersecurity and Digital Trust and Shaping the Future of Energy and Materials have pioneered a Systems of Cyber Resilience: Electricity Initiative, which brings together leaders from more than 50 businesses, governments, civil society and academia, each with their own perspective, to collaborate and develop a clear and coherent cybersecurity vision for the electricity industry.

Our Systems of Cyber Resilience: Electricity project is designed to enhance cyber resilience across the electricity ecosystem. To join our platforms and bring your cyber resilience expertise to drive this or similar initiatives, contact us or read more in our Impact Story.

Phil, how do you view the evolution of cyber-threats to this industry, and what are you seeing on the ground at National Grid today?

Phil: Over the years, we’ve seen utilities being targeted either for criminal purposes or other nefarious reasons with ever-increasing maturity and an increasing ability to exploit OT systems. The increase in cyber-threats to utilities has grown as attackers and adversaries have become more familiar with the technology that we use. Previously, only cybersecurity professionals working at a utility understood the end products and protocols that were vulnerable to attacks, but now we are moving towards a set of threats which are executed by very talented adversaries who are capable of specifically targeting the industrial sector.

A key reason for this change is that for a long time cybersecurity for the energy sector has been built around the need to improve efficiency by increasing connectivity within organizations. As a consequence, security for utilities was constructed in a way to ensure resilient operations within a very trusted environment. However, as utilities have increasingly adopted digital technologies to improve efficiency and create system-level solutions to balance the grid, companies have unknowingly created new cyber-threats which became very appealing to malicious actors. We’ve seen real movement towards attackers targeting industrial organizations with social or critical infrastructure responsibilities, like us in the energy sector, and also all those in manufacturing, critical healthcare or municipal functions.

Cyberattacks on infrastructure are a growing threat, according to this year's Global Risks Report
Image: World Economic Forum Global Risks Report 2020

Leo, how does Siemens view the cyber-threat to industry?

Leo: At Siemens, we are seeing similar trends. The number of attacks has gone up exponentially, and the sophistication of those attacks is increasing as well. What’s more, these threats are increasingly targeted towards the industrial sector, and in particular towards energy production. The impact of those attacks is what’s really worsened because an attack against the OT environment can result in a shutdown – or worse, a safety event.

These attacks are coming increasingly from the convergence of physical and digital worlds. The notion that someone is safe because they’re air-gapped, I think, is largely gone because a significant share of attacks now come from within the plant. Either the attacks are from the office environment into the OT environment – such as a phishing scam – or they are brought in by an intelligent insider carrying malware into the plant environment. This has created a new threat landscape that utilities and operators, as well as OEMs like us, must urgently address. Going forward, solving this problem will require strong partnerships between utilities, like National Grid, and companies like ours that have a long legacy in both manufacturing OT and securing the IT systems that are essential in today’s digital environment.
