SG Tech Europe: Cyber security expertise is growing – on both sides

This year, I was invited to speak at SG Tech Europe about monitoring the evolving cyber security threat landscape for energy grids. It was heartening to see so many utilities representatives engaged with cyber security topics – not just at my talk, but at others on the agenda, such as the sessions from Alliander and EDF.

The sector continues to become more engaged with this crucial topic, and with engagement comes knowledge. Knowledge is building up everywhere – in the utilities, in the security community, but also – unfortunately – among hackers.

We know more

According to the SANS 2016 State of ICS Security Survey, security experts at grid operators are well aware of the vulnerabilities. Both traditional IT systems, such as office networks, and OT-related items, such as connections to the field SCADA network, rank highly as control system components considered at risk of compromise. There is strong awareness that any part of a system might be vulnerable, and through our training programme we see greater interest in security architecture and in assuring the security of systems and components.

They know more

However, attackers have not been sitting out this race: they know more than ever, too. Hackers seem to find new vulnerabilities more quickly than the industry can find and patch them. Many exploits are now in the public domain, which helps attackers as much as it does defenders. Cyber attacks are not new; what is new is their scale, sophistication and diversity.

There are opportunistic attackers, such as script kiddies, hacktivists and researchers. These are unlikely to do much damage to the grid except by accident – their goals aren’t usually that destructive. The more dangerous breeds are targeted attackers. These could be terrorists looking to cause blackouts, criminals targeting OT systems for extortion purposes, or nation-state actors conducting espionage or looking to sabotage critical infrastructure in the context of hybrid warfare. Just as the industry has been doing its homework, so have these groups. In fact, it is mainly nation-state actors that have the resources and skills required to do real harm to the grid.

How to respond

It would be wrong to predict catastrophe though. Some in the industry may have been slow to wake up to the cyber security threat, but there are focused efforts from many sides.

European regulators, for example, have ramped up activity on cybersecurity considerably. The NIS Directive, effective as of May last year, will soon be followed by the Cybersecurity Act, which lays out a European cybersecurity certification framework for ICT products and services. There is also a Network Code for Cybersecurity in the works, focusing on energy domain specifics and taking into account particular aspects such as the sustained presence of legacy systems, real-time requirements and potential cascading effects.

Within utilities too, significant progress is being made. Greater engagement leads to greater action. We are seeing utilities taking more preventative measures – such as training, procuring secure components, security testing and sharing vulnerabilities and threat analyses – and also responsive ones, such as setting up a security operations centre (SOC), carrying out risk assessments and using active and passive sensors throughout the network.

In the wrong hands, knowledge can be a dangerous thing. There is no way for us to stop attackers developing their knowledge, so we must ensure that we know more, and stay ahead of the game.

That means collaboration – we will achieve more working together than repeating one another’s efforts. We must focus on closing the skills gap and bringing more security expertise into the energy sector, on sharing information and knowledge to improve the security of all. We must build a security community that can raise standards throughout the fields of policy, architecture and operations.

Ultimately, that is what we at ENCS are about as a network: building that community, creating this expertise and sharing that knowledge. However, it is also what events such as SG Tech are about – bringing together professionals to learn from one another in a spirit of collaboration, rather than competition. I look forward to next year.

Anjos Nijk's picture
