Cybersecurity – an IT or leadership challenge?

Cybersecurity needs to be at the heart of the utility business as well the technical solutions, says Dutch administration advisor Rene Marchal.
Published: Fri 05 Jan 2018

As utilities digitalise more and more, their cybersecurity defences become ever more important.

While nothing on the scale of the successive attacks on the power grid in Ukraine has been reported in the sector over the past year, the threat is ever present.

Last September, Symantec attributed the upsurge in activities targeting the power sectors in Europe and North America to a group named Dragonfly, which appeared to have been dormant

According to researchers from the Slovakian security company ESET, the malware used in the December 2016 attack in Ukraine, which has been named both ‘Industroyer’ and ‘Crashoverride’, is “the biggest threat to industrial control systems since Stuxnet” – the malicious worm identified in 2010 that more than any other, drew attention to the vulnerabilities in the power sector.

And with implications for an Internet of Things, according to Kaspersky Lab incidents involving non computing devices “are among the top-3 incidents with the most severe financial impact” for businesses.

Cybersecurity – a leadership issue

Obviously, cybersecurity is a technical issue, involving firewalls, malware and virus detection and other software solutions.

But it is also a leadership issue, says Rene Marchal, on secondment from the Dutch transmission system operator TenneT as the national expert on cybersecurity to the country’s administration.

“With an interconnected system such as in a utility, cybersecurity must be an integral part of it and thus the solutions are found not within the IT department but in leadership,” he says.

“Cybersecurity should be an integral part of risk assessments and investment plans and thus not only at the heart of the technical solutions but also at the heart of doing business.”


Rene Marchal, National Expert on cybersecurity for the Dutch Administration (seconded from TenneT) discusses the importance of cybersecurity in national grids.

Legislative challenges

Nevertheless, Marchal cites one key challenge as the sharing of security intelligence within the TSO community in Europe, which is restricted by national legislations across the region.

“In a sense we are working on two stools. As the system operator we are working on connecting the system but we are also bound by the national legislation and that doesn’t work. If we are all working to connect the dots to one system, we need to connect the vulnerabilities and threats and the responsibilities.”

On threats, Marchal says there needs to be deeper cooperation with national intelligence services as these pertain to national security.

Ethical hacking

On vulnerabilities, Marchal points to an initiative TenneT developed working with the hacking community, which has resulted in the development of an expertise centre for “ethical hacking”.

“We need these resources and by giving them an ethical framework to work within, we can profit from it.”

He also highlights the need for training, particularly for management, such as is offered by the European Network for Cybersecurity.

“Training on how to attack and defend a SCADA system really gives a good understanding of the risk of threats and how to mitigate them.”

In conclusion, Marchal asks if players are “going to wait for a big security incident to occur or to take signals such as the Ukraine incidents seriously?” or as he puts it, “act on smoke or wait for the fire?”

He says he believe that the signals are there but with the utilities a regulated business and the investment requirements for cybersecurity huge, “there needs to be more awareness in the regulatory frameworks and the national agencies.”

Related Webinar