Cyber challenges facing utilities today


Across the world, utility companies are digitising and employing distributed energy resources (DERs) to ensure operational efficiency, reliability, flexibility and safety for consumers. Unfortunately, this digitisation comes with risk, and in the past few years, we’ve seen a drastic increase in the number of cyberattacks on utility systems.

Their interconnected nature and importance in national infrastructure make utilities a prime cyber target with the potential for disastrous consequences. From the 2016 hack in Ukraine (resulting in long-term outages), to the first hack on a United States-based utility earlier this year, private companies and governments face a call to action: adequately secure systems or sacrifice important digital progress. They’re struggling to find a balance between pushing the advancement of IoT systems and managing the associated risk.

This article was originally published in Smart Energy International issue 1-2020. Read the full digimag here or subscribe to receive a print copy here.

Companies must find a solution for the cyber risks that come with industrial transformation, and the pressure to digitise.

Securing these vulnerable and essential real-world operations is the responsibility of the businesses, but unfortunately for them, most of today’s security platforms don’t match the scope and dynamism of industrial IoT systems, and instead, remain static, centralised, and unsuited to the continuously evolving nature of operational processes.

Adequate cybersecurity solutions have fallen behind the digital transformation of the utility industry – and the combination of older, legacy systems with modern connected devices makes it increasingly complex to secure utilities in full.

The utility industry is additionally challenged by the convergence of information technology and operational technology systems. This raises brand new obstacles: securing both IT and OT devices, as well as the interactions that take place between the two. Personal devices, like laptops and individual smartphones, are connected to sensors and smart inverters, and to real time automation controllers, collecting data in the field.

In order to comprehensively secure their systems of devices, utility companies need to secure every interaction, whether from edge to the cloud (device-to-cloud) or from edge-to-edge (device-to-device).

Blockchain’s role in decentralised enforcement and guaranteed integrity

One of the major risks of cyberattacks on connected systems is the fact that they rely on one another to function correctly.

The hack of one device means that tens, hundreds, or thousands of other devices in a network face being compromised in turn. Distributed energy resources are, by nature, distributed, meaning that the systems securing them need to adequately address and match the structure of the operations they are designed to protect.

Blockchain-based security platforms are uniquely suited to handle the scope and complexity of these organisations’ systems.

Unlike traditional security solutions, blockchain is tamperproof because all of the nodes in the system work together to guarantee the authenticity of information.

If someone attempts to compromise part of the blockchain, the system will self-heal as the nodes in the system come together in consensus to reject the false information from the compromised machine. Meaning, a hacker would need to take out a very large number of devices to create a system compromise.

Blockchain is a scalable solution, necessary in an industry where industrial IoT device growth is exponential. Utility-specific IoT spending is anticipated to reach $15 billion by 2024, so a blockchain-based solution is a clear answer: it supports millions of transactions across nodes and matches the robustness of real-world operational needs.

ComEd: Innovation in digitisation and security

Commonwealth Edison (ComEd) is taking its approach to digitisation seriously, using cybersecurity that supports and evolves with its digitisation, and the development of its Grid of the Future Labs. ComEd sees the potential for decentralised renewable energy resources and is working with Xage Security to secure multi-party power interactions and enable reliable next-generation smart utility systems.

The Illinois-based utility is using Xage’s blockchain solution (the Xage Security Fabric) to support sustainability goals, and help address future grid security risks: distribution, scalability, protection of networked legacy systems, and the convergence of IT and OT providing an identity-based security model for grid assets, people, data and applications. The solution enables edge-to-edge and peer-to-peer interactions and maintains data integrity for ComEd innovative connected systems.

ComEd’s energy systems and both utility and third-party microgrids would be secured independently but cohesively, mitigating the risk of a domino effect via a decentralised blockchain solution.

Utilities cybersecurity: what’s next?

56% of OT professionals in a recent survey of utility companies reported that their organisations had at least one shut down or operational interruption in the past year. The same survey noted that 25% had been impacted by a “megahack” (one with nation-state actors involved) and 54% of those professionals said they expected an attempted hack in the next six months.

Renewable energy resources such as wind and solar and electric vehicles are here to stay and present transformative opportunities for utilities. According to the US Energy Information Administration renewable energy resources have grown 1000% in the last seven years, and already represent 8% of the total electricity generation in the US. In order to embrace these new technologies utilities will need to accelerate their digital transformation efforts and related business models.

My primary recommendation for utility organisations is to take security health seriously, while simultaneously not letting it impact their growth goals. Organisations must adopt security solutions that they will not outgrow – but that instead will grow with them. Employing blockchain-based solutions ensures that they are holistically protected from cyberattacks, and are not compromising the operational efficiency that comes with industrial IoT. Overly centralised or network isolation based security solutions are not the answer for utility grid modernization, given the potential for one hack to spread quickly across the distribution infrastructure.

Utilities must maintain resiliency in the face of threats (malicious or accidental) to serve consumers with the consistency they rely on to go about their lives. SEI

About Duncan Greatwood

Duncan Greatwood is Xage’s Chief Executive Officer. Most recently, he was an executive at Apple, helping to lead a number of Apple’s search-technology projects and products. Prior to Apple, Duncan was CEO of Topsy Labs, the leader in social media search and analytics acquired by Apple in 2013. Prior to Topsy, he was founder and CEO of PostPath Inc., the email, collaboration and security company acquired by Cisco in 2008. He has held positions such as Vice President roles in Marketing, Corporate Development and Sales at Virata/ GlobespanVirata/Conexant, as well as earlier engineering and product marketing positions at Madge Networks. Duncan brings a blend of sales, marketing, operations, technology and human experience to the task of driving growth at Xage. Duncan holds a B.A. (Mathematics) and M.Sc. (Computer Science) from Oxford University and an MBA from London Business School.