Mitigating grid vulnerabilities to boost cyber resilience


A discussion held during the Future of the Grid Summit hosted by Enlit Asia, explored the evolution of the energy sector, how market trends are increasing the vulnerability of networks to cyberattacks and the measures utilities need to implement to improve cyber resilience.

Nugroho Prananto Utomo, a senior consultant at DNV Singapore, said there are big changes impacting the control of energy from the transmission to the distribution levels.

Utomo, said: “Distributed energy resources (DERs) including electric vehicles are challenging traditional platforms and models. This is forcing distribution operators to install more distributed intelligence and visibility along the 11KW networks.”

He said the IT and OT convergence occurring as utilities optimise DERs and ensure stable grid networks is exposing traditionally closed energy systems to third parties and attacks.

“Utilities will need to be careful about how they do that,” added Utomo.

Utomo stated that previously utilities would send field workers to check distributed assets such as transformers and to investigate causes of a power outage, but today such work is being done by technology.

Mel T Migrino, vice-president and group chief information officer at Meralco, a Philippines-based utility, added: “Renewable energy deployment is taking center stage and the transition is already happening with companies sourcing electricity from solar, hydro and wind resources.”

She said these distributed resources will need advanced control systems which are also prone to attacks.

The DER concept is forcing utilities to integrate SCADA and distributed energy resources management systems (DERMs) to ensure remote management, added Migrino.

“We know that SCADA has been a highly restricted and controlled platform for many years, whilst DERMs open external connections including remote vendor updates.

“These changes, owing to digitalisation, bring exposure to third-party attacks and compromises entering your network,” added Migrino.

Utomo said we are also witnessing challenges that are associated with societal changes. “We used to have predictable power profiles during the day. But this is changing due to a lot of DERs, increased industrial activities, smart home appliances and changes in weather conditions.”

He said, as a result, the energy sector is witnessing a lot of innovation projects of demand-side management and utilities are increasing their use of energy flexibility and technology to meet energy demand and customer expectations.

Have you read?
Energy storage industry still has a lot to learn, say analysts
‘The best way to predict the grid of the future is to shape it’ – SP Group CEO
Distributed intelligence and secure grid connectivity – The next phase of grid development

The rapid digitalisation continues to provide new ways for hackers to utilities to penetrate utility networks, said Utomo.

Energy sector cybersecurity market challenges

Migrino added that hackers are increasingly using “ransomware as a new trap, [and] if executed well can disrupt service and cause damage to utility property.”

Besides changes within the energy sector, she said utilities are failing to keep pace with cyber attackers due to the high costs associated with testing and installing cybersecurity solutions.

“While it is crucial for security it continues to become an expensive practice,” she said.

Migrino said on average, a cyberattack is conducted every 11 seconds within the energy sector, and “it is crucial to make sure energy companies are protected regardless if they have never been attacked.”

However, Stephen Goodman, business development architect at Cisco, who was also part of the discussion, said it is hard to predict the frequency of attacks making it difficult for utility executives to justify cybersecurity spending to management teams. This is one reason why utilities are lagging in modernising their cybersecurity platforms, added Goodman.

He added that the majority of utilities do not have clear visibility of their grid assets and as such, they are not aware of what is happening on the network.

“They do not know what is connected onto their network, what the equipment is doing, who they are communicating with, and what is being communicated,” he said.

Goodman added that energy companies are also struggling with designing their cybersecurity approach and structures and protecting legacy infrastructure is a huge challenge.

He said: “Legacy infrastructure is a real problem, SCADA is a good example as it was never built to be secure, it was built with an encrypted trust.

“When you have legacy systems, the only way to build resilience is to put a perimeter around it to be able to control the data that goes in and out of that perimeter. And this is what utilities struggle with.”

He reiterated by saying energy retailers do not know what to do with cybersecurity operations platforms – whether they should have a single operations center across the whole group or whether they should decentralise security operations or combine IT and OT operations.

Improving cyber resilience as digitalisation intensifies

The speakers also looked at how energy firms can improve their cyber resilience whilst accelerating their digital transformation.

Utomo said utility and consumer awareness of cybersecurity solutions and the impact of attacks on operations need to be improved.

He said energy companies need to include cybersecurity in digitalisation and grid modernisation programmes from the start.

“When companies start to digitalise they need to include cybersecurity in the design,” he said.

Migrino, added: “Energy companies need to maintain a second level of resilience and ensure systems are secure while they embark on their digitalisation of operations”

She said they need to build three layers of resilience:

  • Layer 1 is the physical layer and the protection of field devices such as smart meters, grid components, and sensors.
  • Level 2 includes the resilience of communication or connectivity infrastructure and technologies. She said the majority of connectivity will be via 5G and needs more protection since it is very digitalised and needs stronger authentication.
  • Level 3 is the application level where head-end systems are based and placed.

Migrino said utility companies need to “identify risk in each zone/layer and apply appropriate cybersecurity platforms”.

In employing various security platforms, she said utilities need to consider various attack mechanisms used by attackers such as sniffing.

“Visibility is really important, by making use of security logs coming from various cybersecurity and defense platforms and devices and integrating them in the cybersecurity control center for analysis and detection, energy companies are able to quickly detect compromises before they cause harm.”

Migrino ended her presentation by highlighting the need for utilities to shift to a proactive approach and planning. She said they should balance between attack prevention, detection, and response mechanisms.

The speakers also explored the need to ensure grassroots training for the utility workforce, align security platforms with international standards, collaborate on standards and technology development, increase funding and policy development, and support the energy cybersecurity segment.

Find out more about the session here.