Cyber security in the world of energy innovation

Next steps

Contact an expert

Across the globe, nations are addressing the challenge of affordable and secure low carbon energy generation and supply.

Typically the energy security solutions have been focused on the certainty of supply relative to demand, avoiding black-outs and trying to balance the grid. However, the security of energy supply must necessarily refer to the integrity of the systems and network controlling the delivery of the energy as well as balancing the supply and demand equation.

Early debates in the SmartGrid arena focused on data privacy as domestic energy users raised concerns about the monitoring of their personal energy use through the roll out of Smart Meters. However, those at the centre of the development of energy delivery and control solutions were already very focused on the issues around the velocity, veracity, variety and volume of data that would need to be safely collected and protected in its transfer and use. They were already looking at the security of the data that will be central to delivering the efficiencies in our energy system and driving appropriate changes in demand behaviour.

Interestingly, early pioneers of Smart Meters championed them for their protection against the physical manipulation of dumb meters, this being a strong argument used in the early roll out of Smart Meters in Italy, where the roll out is the most advanced in Europe (although a possible implication being that the meters have not been recent enough to fit in with the direction of standards). However, with the advances in solutions which are Digital By Default, those looking to exploit systems unfairly have of course adapted their approach. Our own work with first-mover utilities rolling out Smart Meters in the UK illustrated the novel challenges being thrown up even at that stage: the application of outdated energy legislation dealing with energy theft when applied to theft by cyber hacking.

Whilst the legislative and regulatory environment has moved on in many countries, it continues to struggle to keep pace with the developments in the energy industry – in common with other high innovation markets. The proposals set out in the recently released cybersecurity draft framework from the National Institute of Standards and Technology attempt to provide discrete actions that utilities and state regulators can put into practice to implement President Obama’s February executive order on cybersecurity preparedness. But these remain only guidelines, and in reality most utilities are still struggling to come to grips with the implications of the shift from traditional information technology (where the tech risk was an internal management issue) to operational technology (where the tech risk becomes a fundamental system risk).

The threat presented to our cyber systems include a range of tools designed to attack our global network of information systems, including internet, telecoms networks, critical infrastructure computer systems and embedded processors and controls. All of these parts are resident in the developing world of power management. Threats come from tools including data manipulation, eavesdropping, hardware trojans and spoofing; the intention could be hacking, phishing, espionage or interruption. It may be designed to simply reduce a domestic energy bill or steal energy at a time of high prices and/or low supply but at the other end of the spectrum it is about making sure the systems do not suffer interruption – we cannot afford for the energy systems controlling supply to go down in the way that telecoms networks have been interrupted and we cannot afford for such interruption to be the central purpose of a terrorist attack. The importance of the security of our data is not forgotten but is only a part of the importance of the security and integrity of our energy network and systems as a whole.

In the past we have sometimes smiled at antiquated network devices in the energy industry – a world where network response to variations in supply and demand variances has been dependent upon human effort, taking a phone call and throwing a switch. The seeming lack of immediacy of such processes in a digital world has though built in a degree of fail safe security, which many would wish to hold on to as a comfort blanket despite the many inherent weaknesses.

Overcoming this is a gauntlet that must, however, be taken up by the innovation of companies first and foremost: the energy challenge we face is real and the development of digital/technology based solutions are key to addressing that challenge. It is not just about the government-led projects to make the energy networks smarter. It starts with energy efficiency in the built environment and that is already leading to mini-smart-grids such as groups of large commercial buildings becoming virtual power plants through automated offset strategies and regional energy management hubs. The technology has been developed and now the business plans to properly exploit the technologies are becoming viable (with or without subsidisation).

Cyber security is not a theme that is particular to energy innovation – it is central to digital innovation in all aspects of our lives and infrastructure as M2M becomes ever more prevalent, whether consumer facing (such as mobile payment systems and transportation) or of national import (such as defence and homeland security). The upcoming SmartGrid dinners and Energy Innovation events will draw upon OC contacts and experience across those sectors and explore the development of security within the evolution of power management solutions…..

  • what has been happening so far?
  • Is it driving isolation of energy networks to avoid integrity breach/contamination from other systems?
  • Who will lead the requirements for security – government legislation or free market procurement?
  • Are technology providers and energy innovators developing their own security or partnering with corporates from the traditional (cyber) security world?

These questions demonstrate choices.

  • Integrity/security can most effectively be achieved by denying access to the systems we are trying to protect – but accessibility and equality of such access are basic tenets of the SmartGrids being developed in free-market jurisdictions.
  • With interconnectivity comes the need for co-ordination of effort and implementation in order to avoid penetration gaps and vulnerabilities in the aggregated systems that are created – a co-ordination and collaboration between players competing in a highly competitive market with big prizes at stake. 

Sign up to our newsletter

Meet our experts