Cybersecurity gaps threaten complex energy grids


Smarter energy grids are more complex and require more comprehensive cybersecurity plans.

According to Phil Kernick, chief technology officer at security firm CQR Consulting, the automatic management of both supply and demand technology is lacking in security.

Cybersecurity was a key discussion topic at a roundtable with focus on energy and other utilities, recently held in Sydney.

“The distribution systems and the generation systems were deployed a decade and a half ago and are not scheduled for change for another decade and a half,” said Kernick.

“With a few notable exceptions there are no standards that are deployed in the energy sector in the control environment,” he said.

“We’re probably one major cybersecurity event away from a complete change of view of the whole energy sector,” Kernick said.

He added, “Unfortunately I honestly believe it will take one of those before it’ll happen.

“I don’t think we can get there from here without a fundamentally transformative approach from the board level down of the energy participants … All the energy participants are looking at this, and they all agree that [smart grids are] the future, but here’s the big overriding thing. Please don’t look at us now. Do not look under [the] hood.”

The challenges in the energy sector are exacerbated by a lack of training regarding cybersecurity, a need for greater IT/ OT integration, as well as a lack of standards and information security controls. All of these need to be addressed at board level to increase efficacy.

“Five years ago we couldn’t convince the boards of these organisations to talk about, to even consider cybersecurity as a concept. Now they see it as directly linked to the revenue generation and profitability of the organisations,” Kernick said.

Grid complexity on the rise

Utilities will continue to become more complex, “not just in the design and management of networks, but also the delivery of services”, according to Ivan Fernandez, industry director at analyst firm Frost & Sullivan.

“The integration of renewables [in Australia] has changed the way business is being done in the energy space. In 2017, we had over 700MW of renewable energy projects that became operational in the country and we estimate that by the end of 2017 we actually had seven times that volume of projects under construction or with financial support,” he said.

While Australia has seen growth in both rooftop solar and large-scale renewable energy projects, Fernandez identifies an increase in medium-scale projects among commercial and industrial customers.

Fernandez further mentioned that the “mainstreaming” of smart meters is also compounding grid complexity.

Of the 13.6 million meters in the national energy market, currently 3.3 million are smart, or almost a quarter. The Australian Energy Market Operator (AEMO) Power of Choice rules require new or replacement meters to be smart. And the grid itself is becoming more intelligent.