Energy infrastructure is almost fully digitized, but how safe is it?
As of 2018 utilities worldwide have spent more than 14 billion US dollars to build “Smart” infrastructure. As more critical infrastructure is connected to the Internet of Things (IOT) and Cyber Physical Systems (CPS), cyber security is becoming a bigger issue. This evolution to “smart infrastructure” is a positive development for the energy industry as it provides additional flexibility and efficiencies. However, the security policies of many utilities have not evolved along with it, leaving them vulnerable to cyber criminals.
Between 2018 and 2023, 84 billion dollars will be invested in digital infrastructure. Investments in digital infrastructure will remain very high over the next several years but investments in securing that infrastructure will lag behind. 75% of the invested funds will be driven by investments in hardware, such as smart meters. The investment in beefing up cybersecurity is projected to be a tiny fraction of the total investment in This leaves Utility companies vulnerable to exploitation by cyber criminals. Despite the lag, utilities and other owners of critical infrastructure have begun to understand just how vulnerable they are. They are taking cybersecurity seriously and they have started investing heavily towards hardening these systems.
In addition to grid-infrastructure, the investment in enabling smart buildings and smart factories is growing exponentially. These investments are severely lagging in the Behind the Meter (BTM) side of critical infrastructure, namely the facilities themselves. As more facilities begin implementing solutions such as smart lighting, smart energy monitoring and Distributed Energy Resources, these systems will become the target of increasingly sophisticated ‘bad actors’, whether from nation states causing havoc or rogue hackers looking to make some bitcoin through a ransomware attack, which occurred in 2019 for a Toronto hospital network.
The Digitalization of the Utilities Market and Smart Facilities has huge upside and will continue despite the risks. The advantages of infrastructure digitalization include:
• Lower costs achieved through the automation of utility and metering processes
• Increased predictability and responsiveness by allowing for easier monitoring and maintenance of the infrastructure
• Increased efficiency and reliability of the supply chain as it relates to electricity, water and gas
• Reduced incidents of services theft which presents a challenge in developing countries
• Flexibility in monitoring and management of energy distribution as more renewable, non-continuous energy resources are added to the grid
• Meeting consumer demand for more consumption information to help better manage resources and budgets
The main cybersecurity risks associated with infrastructure can be categorized as:
Undetected unauthorized activity in critical systems
Weaker boundaries between ICS and enterprise networks
Identification and Authentication
Lack of accountability and traceability for user action when an account is compromised
Increased difficulty in securing accounts when personnel leave an organization, especially sensitive for users with administrator access
Allocation of Resources
Lack of backup or alternate personnel to fill positions if primary is unable to work
Loss of critical knowledge of control systems should systems be compromised
Physical Access Control
Unauthorized physical access to field equipment and locations provides increased opportunity to:
Maliciously modify, delete or copy device programs and firmware
Access the ICS network to steal or vandalize cyber assets
Add rogue devices to capture and retransmit network traffic
Compromised unsecured or compromised password communications will allow unauthorized access to system
Increased vectors for malicious party access to critical systems
Rogue internal access established
Three Key Considerations for Deploying Secure IOT Solutions:
Understand the IoT architecture options, and leverage partners that not only have end-to-end IoT architecture knowledge, but also thorough knowledge of the IoT ecosystem.
Prioritize connected infrastructure that has integrated security capabilities, from the device level, to any intermediate hardware systems, to the different services that can be layered on top of what’s connected.
Take the time to understand the different regulations or choose partners that deeply understand regulations for securing utility infrastructure.
As the Energy Industry revolutionizes into Smart Infrastructure, Edgecom Energy is finalizing a solution for the cyber security issues on hand – specifically as they relate to Distributed Energy Resources. Edgecom Energy is solving these issues using a Blockchain secured Network Operation Center and IoT platform. Integration of Blockchain technology and Smart Infrastructure allows users to verify and audit transactions independently and relatively inexpensively. Blockchain will increase the security of energy transactions by distributing the checkpoints and by allowing smart contracts to function without human intervention – especially malicious human intervention. To learn more about Edgecom Energy’s Blockchain Technology integrations click here to read our post.