Benjamin Beberness, Vice-President, Industry Business Units, AspenTech outlines the steps energy businesses can take to boost their cybersecurity – and explains why they shouldn’t put too much onus on compliance
In the age of digital transformation, the power and utilities sector is under increasing cyber threat. Initiatives such as smart grid implementation and the push towards electrification are increasing such threats. This shift highlights the need for these industries to advance their cybersecurity strategies beyond mere compliance, prioritising the protection of their vital infrastructure to maintain the resilience of energy systems.
Evolving cyber threats demand more vigilant measures
Statistics from the International Energy Agency show that cyberattacks against utility companies globally have more than doubled between 2020-2022. Similarly, the Department of Energy in the US noted a significant increase in both physical and cyber threats to the US power grid in the first half of 2023 alone. These trends highlight the growing sophistication of cyber threats but also highlight the expanding array of targets across the industry, from digital grids to operational technology.
While new regulatory measures such as the US’s Cyber Incident Reporting for Critical Infrastructure Act of 2022, and the EU’s NIS2 directive have been set up to fortify cybersecurity, they alone are inadequate against the dynamic and evolving nature of cyber threats. These regulations should be considered a starting point for cybersecurity initiatives, not the finish line.
The limitations of compliance-only strategies
Focusing only on compliance can create a false sense of security. Cybersecurity regulations establish minimum standards, but hackers continually refine their tactics, often outpacing regulatory updates. For example, even companies strictly adhering to regulations benefit from employing ethical hackers to expose vulnerabilities not covered by existing requirements. This practice illustrates the critical need for a security approach that transcends compliance.
Proactive measures and strategic transparency
Adopting the National Institute of Standards and Technology (NIST) cybersecurity framework is an excellent strategy. It encompasses asset identification, protective controls, anomaly detection, effective incident response, and asset recovery. Additionally, transparent communication about cybersecurity tactics fosters industry-wide collaboration and enhances best practices and intelligence sharing.
Testing cyber defences through third-party collaborations offers valuable insights and demonstrates a serious commitment to cybersecurity to stakeholders. Moreover, creating a secure information-sharing framework within the industry can significantly improve individual companies’ cybersecurity measures by leveraging collective experiences.
Integrating cybersecurity into operational technology and embracing innovation
The integration of real-time monitoring systems that use predictive analytics to identify potential threats before they manifest is crucial. This can involve the integration of machine learning models that predict and detect anomalies in system behaviour, which could indicate a cybersecurity threat.
Coupled with this, digital twin technology could be used to simulate cyber-attacks in a controlled virtual environment. This enables testing of potential vulnerabilities and the assessment of the impact of various cyber threats on virtual models of physical systems without risking actual operations.
Organisations should also carefully consider the development and implementation of a comprehensive risk management framework that regularly assesses cybersecurity risks as part of the operational process. This framework should also include guidelines for updating and maintaining security measures in response to these assessments.
Given human error can often contribute to security breaches, most energy and utilities companies need regular, mandatory training programmes that concentrate on cybersecurity awareness and procedures. This training could be integrated with the implementation of their systems, making certain that employees are knowledgeable about operational and security features.
Companies operating across these sectors should, however, not only focus on preventing cyber-attacks but also on minimising the impact of successful breaches and on recovering swiftly. This dual focus on resilience and recovery is vital in maintaining operations and trust, especially when the inevitable occurs.
The increasing integration of technologies like Distributed Energy Resources (DER) and demand response enlarges the potential attack surface but also provides tools to enhance security. Utilising AI and machine learning for ongoing threat adaptation, along with implementing redundant cloud-based systems, can bolster security and minimise downtime in the event of cyberattacks.
By incorporating these practices and new technologies, energy companies can make cybersecurity a seamless element of their operational framework, potentially enhancing both their efficiency and security posture.
A comprehensive approach is essential
Simply adhering to regulatory standards is not enough to secure the future against cyber threats. The power and utilities sectors must embrace a holistic cybersecurity strategy that involves constant risk assessment, technological innovation, and a culture of transparency and proactive defence.
As we move forward, the industry needs to not only defend itself against current cyber threats but also prepare for future ones. This proactive and comprehensive approach to cybersecurity protects critical infrastructure and ensures the resilience and reliability of our energy systems in the face of ever-evolving cyber threats.
Read more on technology in the November issue of gasworld global
