There is an increasing focus on the integration of IT and OT but not enough attention is being paid to appropriate security, says Ilan Barda, CEO, RADiFlow, who spoke to Engerati at its live studio at the European Utility Week. He adds that utilities should have their security strategy in place from day one.
Cybersecurity from day one
While it is important for utilities to draw on the relevant solutions from the IT world it is important to understand that there are differences in the utility OT world. It is a much more deterministic network which means that rules can be defined in order to detect abnormal behaviour. This is the area where security solutions should be applied, says Barda. “The idea is to work three steps forward and use the best technology that has already been developed in the IT network and apply that in the OT network.”
Cloud services add another layer to the structure of the application and utilities should apply a defense in depth since they should not rely on the fact that there will be security in the cloud, explains Barda. “There should be protection on all the layers of the business – both cloud services and end devices should be protected.”
Sometimes, there may be a need for gateway functions which can deliver an additional level of security. “There is a new area on how to correlate physical security with cybersecurity which requires a wider solution. Company workers’ capabilities can be limited in certain systems and this calls for subtlety.”
Slow cybersecurity development
While utilities are paying a great deal of attention to cybersecurity, not much is being paid to the various different solutions and technical capabilities are sometimes lacking. Barda adds that regulation is also sometimes one step behind insurance companies.
Barda says that Europe’s adoption of cybersecurity in the utility system may be slower than the US because of a lack of awareness and transfer of innovation.