Feature Story

Why the energy sector needs to step up cybersecurity

by Jason Deign

The real cybersecurity threats facing energy companies

The real cybersecurity threats facing energy companies.

The power sector is upping its cybersecurity game amid growing fears for the safety of the grid. In the United States, the U.S. Department of Energy is putting millions of dollars into shielding the grid, even looking to use the blockchain for help.

Elsewhere, power firms have started to make cybersecurity a board-level issue. Last September, for instance, the wind turbine maker Siemens Gamesa named Alan Feeley as its chief cybersecurity officer, until now a rare top team post in the sector.

And in January this year, a cleantech venture capital firm called Invenergy took the eyebrow-raising step of backing an industrial cyber security startup. Shielding the grid has become a hot topic on the back of growing proof that the power sector could be open to cyber threats.

See also: VR helps the green energy boom

Also in January, it emerged that oil, gas, and power firms could be under threat from the Meltdown and Spectre chip flaws. 

Dima Tokar, co-founder and Chief Technology Officer at MachNation, an Internet of Things (IoT) insight firm, says that until the flaws are patched, the risk of attack "holds true" for power firms as much as for those in any other sector.

Nor is this the only threat faced by the power sector. Cracks in the cyber safety of the grid have been coming to light for at least the last four years.

Back in in 2014, the U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team found that the power sector had seen more cybersecurity breaches than any other in the country. 

And in 2015, a "highly sophisticated" group of hackers showed just how much grids are at risk when they blacked out 230,000 people in Ukraine. The scale of the threat has grown since then.

a survey by the Ponemon Institute and Siemens found 68 percent of oil and gas firms had been hackedLast year alone,a survey by the Ponemon Institute and Siemens found 68 percent of oil and gas firms had been hacked; Symantec said a hacker group had got into European and U.S. grids; and Russian hackers were said to have attacked U.K. energy firms.

In the wake of such headlines, power firms such as the oil and gas majors "want control over their networks at all times," says Stewart Kantor, CEO of Full Spectrum, which designs, develops, and sells industrial IoT wireless network equipment.

Oil rigs are exposed to all sorts of attacks, he says. Oil majors can have thousands of well heads working at any time.

A shutdown or attack on supervisory control and data acquisition systems, as happened with the Stuxnet virus, could have a disastrous impact environmentally and on the company's bottom line.

See also: How blockchain could revolutionize the energy industry

At the same time, hackers know there could be big rewards from holding power sector systems to ransom. For now, the best way of keeping these systems safe is to keep them apart from head office networks connected to the public Internet or to commercial cellular services.

Power sector players are also quickly learning about the need for strict authentication and many layers of security.

Oil and gas majors have an advantage over other power firms, says Kantor, because there are fewer players in the sector and they share knowledge more. But all face a challenge as they try to automate their systems, he says.

All power firms know it makes sense to embrace digital ways of working. But it's clear that moving to a more connected world also entails risks. The sector is working hard to head off threats, for instance by bringing in a new wireless standard for the industrial Internet last year.

Power sector firms need to keep that effort up. Not just for their own sake, but also for us to be able to keep the lights on.

###

The contents or opinions in this feature are independent and may not necessarily represent the views of Cisco. They are offered in an effort to encourage continuing conversations on a broad range of innovative technology subjects. We welcome your comments and engagement.

We welcome the re-use, republication, and distribution of "The Network" content. Please credit us with the following information: Used with the permission of http://thenetwork.cisco.com/.