The world needs a network security ecosystem to realize a flexible power future
Writer: Hengfeng you electric Time:2022-05-19 views:times
The energy industry is one of the most important industries in the world. The three target industries are used for cyber attacks. In particular, recent events, such as blackmail software attacks on colonial pipelines, interruption of fuel supply to the southeastern United States, data leakage in Vestas, a Danish wind turbine manufacturer, and cyber attacks on the nuclear device of eletrobras, Brazil, remind us that the energy sector is still vulnerable to cybercrime.
These events have repeatedly emphasized that we need more in-depth cyber security cooperation to promote the world's energy system to become more sustainable, flexible and secure. Only when we operate in a joint ecosystem in which we trust and share network security information can we truly establish joint flexibility. Real time and responsible information exchange is the future, especially when our decentralized energy systems in a low-carbon world will require new power and digital connections to grow exponentially.
What benefits will a resilient cybersecurity ecosystem bring to the energy industry? What obstacles need to be overcome to reach its full potential? Here are some questions we asked two leaders at the forefront of information technology (it) and operational technology (OT) security: Thomas tschersch, chief security officer of Deutsche Telekom, and Anders Gustavsson, head of global connectivity solutions at securitas Together with Pierre Alain Graf, head of Hitachi energy network security and global security expert, they discussed the need to change their way of thinking to build a strong and trusted partnership in the next interview.
Why is cyber security important in energy
Q: why is cybersecurity so important in the field of energy?
Pierre Alain Graf (P. - Ag), Hitachi energy: very simple: electricity, more generally speaking, energy is the pillar of society. If you turn off the electricity, everything is gone. This is a very critical area that really needs protection.
In military doctrine, disabling infrastructure has been the first wave of attacks. Therefore, key infrastructure, especially the power sector, has become part of cyber warfare. Destroying cyberspace is a very cheap and effective way to gain and maintain control.
The energy sector needs to constantly adjust its defenses, which was not often done before. Utility players need to see themselves as part of the ecosystem, because no one in the industry is fast enough to deal with all threats alone. This is the main reason why it is so important to truly solve network security problems in a very open and proactive way, especially for emerging and widespread network security vulnerabilities, such as the recent log4j / log4shell. Ongoing events surrounding this situation may expose existing risks to critical infrastructure, including electricity, while emphasizing the need for industry wide collaboration to better detect and respond to cyber security incidents.
Thomas tschersch (TT), Deutsche Telekom: when I studied electrical engineering about 30 years ago, it was not a closely connected industry.
We talk not only about substations, but also about decentralized energy production, such as solar panels in private homes. Criminals can take advantage of these growing energy connections by introducing malicious commands. This clearly shows that we now have an increasing need to protect these communication systems just because of the number of additional connections.
Anders Gustavsson (Ag), securitas: from the perspective of crime, whether you steal information or want to attack society, the simplest way in the past was to attack the base station or go to the power station. Today, if you don't want to dirty your hands, network intrusion is the easiest choice. If potential intruders can choose simple methods and simply buy hacker services or tools for themselves to pass through the data center, why should they risk placing bombs on the infrastructure? Critical infrastructure such as data centers, communication base stations or power plants are increasingly threatened by increasing connectivity. The disadvantage of implementing very strong physical security is that criminals are now increasingly choosing cyber attacks.
The world needs a network security ecosystem to realize a flexible power future
Q: what kind of threat does deeper electrification pose to network security?
TT: without power, network security will not work. Power infrastructure is one of the most critical elements of our society, and the installation of all these additional connections makes it increasingly vulnerable. This means that the attack surface of cybercrime is increasing, which is not a bad thing in itself, but we need to really improve and deal with this vulnerability, and we should focus all our attention on it to maintain control.
P. - Ag: we have a famous saying that the future is uncertain, but it is electric. Why do we need more in-depth contact? In order to shift to a carbon neutral energy system, we need to change the entire power system architecture. A basic principle of the electricity market is that you consume it as close as possible to the source of production. But for offshore wind power, this is really difficult.
Given the growing but subtle integration of physical and network infrastructure, the manipulation of power infrastructure by criminals and hackers has also become more attractive. I remember when I started working in swissgrid, no one thought of entering the power station because it was too dangerous. Today, people can destroy the integrity of key energy assets from anywhere in the world not only through physical intrusion, but also through virtual attack. They just need to control key assets. With the disappearance of the concept that power assets are dangerous, the security of tangible assets has taken on a new and important dimension. But only in parallel with the integrated network response. Both are becoming more and more important.
The world needs a network security ecosystem to realize a flexible power future
Ag: increasing connectivity and digitization make it easier to attack individual assets because they all need communication. We can easily build Fort Knox physical security around a centralized infrastructure, but today's decentralized way of working makes it more difficult. This should urgently urge cybersecurity departments, across industries and their service infrastructure, to coordinate security processes and best practices to quickly detect vulnerabilities and prevent potential cyber attacks.
Q: how important is network security to protect and improve the elasticity of the power grid?
P. - Ag: I think it's critical. What we need to do in the power industry is to look at our assets from the perspective of the online world, because there are some fundamental differences. If you conduct a standard resilience assessment from the perspective of the power network operator, you may find problems in one area, or if you are really unlucky, there may be two problems.
TT: the challenge of more interconnection in the future is, of course, that criminals may damage flexibility, because the infrastructure is remotely controlled. We need to build a solid defense against these potential attacks. For example, companies sometimes need to rely on the public Internet to connect to remote locations, but there must be sufficient protection to protect them from cyber attacks. I think companies need some form of network assurance to provide resilience in an interconnected world, just as physical backup is used for standard grid resilience.
Qingdao Hengfengyou Electric. Factory &Manufacturer 30years.Distribution transformers, medium and low voltage switchgear, distribution board, Pad mounted transformers and Compact substations. sold to more than 50 countries around the world. Complete product certification. Hengfengyou Electric will provide you with the best electrical product solutions, https://www.hengfengyou.com ;