Editorial: Utilities embark on a cyber odyssey

Senior officials in the EU and the US are waking up to the cyber security threat to critical infrastructure as digitalisation and decentralisation lower the barriers for hackers.
Published: Tue 09 Jul 2019

Electricity networks are becoming a tale of two grids – one running on operational technology at large physical assets sometimes more than 20 years old, overlaid with another much more modern, digital, and increasingly connected in the cloud rather than with wires. Much like the dichotomy of the internet, the power of digitalisation can be used for great benefit but also untold damage if left uncontrolled. Decentralisation and smart devices with limited or no security measures are providing hackers with multiple easy access points to a much larger, critical infrastructure. Just as they are facing the challenging mission of reducing reliance on fossil fuels amid changing market dynamics and shrinking margins, utilities are under constant attack. How do system operators navigate the dilemma of how to share information and allow access to their previously fortress-like systems in order to promote efficiency and flexibility, but still be able to identify the Trojan horse and pull up the drawbridge in the nick of time? What happens if one day, as in 2001: A Space Odyssey, the grid says, “I’m sorry, Dave, I’m afraid I can’t do that.”

A high-level event in Brussels today gathering senior representatives from the EU Commission, NATO, energy firms and cyber experts will address these challenges and how to implement the April cyber security recommendation. The need for a European network code for cyber security for electricity and certification in the energy sector will be discussed, following the entry into force of the EU Cyber Security Act at the end of June.

Utilities are also taking the initiative, for example innogy has opened a cybersecurity training centre in Essen, Germany, where electricity grid operators can practice how to fend off hacker attacks. The Connecting Europe Facility is offering funding for projects that develop digital infrastructure including €10 million for cyber security with proposals due by 14 November. An information call is being held on 10th July.

 

US lawmakers are seeking to defend their electricity network from cyber attack with ‘retro’ analogue and manual technology to isolate the most important control systems. “Our connectivity is a strength that, if left unprotected, can be exploited as a weakness,” said the senator co-sponsoring the Securing Energy Infrastructure Act. And regulator the Federal Energy Regulatory Commission aims to make the electric system more secure by expanding the reporting requirements for incidents involving attempts to compromise operation of the grid.

Some may call it counterintuitive to slow the progress of digitalisation. But alongside the breakneck pace of technological innovation and the urgency of building a shiny new digital network, there’s the perennial underlying battle between the good guys and the baddies. And that still needs the human touch.