Energy convergence and cybersecurity grid challenges

By Steven O’Sullivan
Enzen's Steven O’Sullivan explains why cybersecurity should be baked into procurement and partnership programmes from the outset

The convergence of previously separate sectors around smart grids is creating a disparate energy value chain with divergent cybersecurity practices and vulnerabilities, eroding organisational control over energy security.

Failure to consolidate cybersecurity practices across diverse value chains could result in cyber-attacks causing financial and reputational damage. Fear of cyber-attacks has already reduced consumer take-up of smart meters. The scale of the threat is demonstrated by a recent rise in ransomware attacks targeting energy networks; from pipelines to power grids.

Weak links in the energy value chain

Smart grids are driving the convergence of energy and technology. This leaves grids at the mercy of the security practices of third-party technology companies. Many suppliers now need continued access to customers’ energy networks to perform remote maintenance, creating more potential vulnerabilities. 

A porous perimeter

Edge devices such as smart appliances and sensors further increase the attack surface around energy networks. These devices are made by technology suppliers with varying standards of security, creating a wider array of vulnerabilities.

Some manufacturers sacrifice security for speed to market, compounding the issue. As energy security can no longer be centrally controlled, we now require new frameworks to inform best practice across this value chain.

A holistic security framework

Without direct control over energy security, grid operators must use cybersecurity frameworks to assess business risk across all cyber, digital and data projects and enforce best practice among all partners and suppliers. 

Cybersecurity should be baked into procurement and partnership programmes from the outset. Imposing cyber frameworks on Tier 1 suppliers would create a cascade of best practice as each tier enforces the same standards on lower tiers. All projects should be interconnected from the start so that risks are continuously assessed as new technologies are added. 

Organisations should get an integrated overview of all business risk across digital projects so that digital ecosystems are monitored and managed as a ‘system of systems’.  Companies also need to manage third-party remote maintenance of energy infrastructure with strict user permissions.

All suppliers must also be vetted to ensure they conduct continuous patching of products. The renewable energy industry should adopt frameworks encompassing suppliers, OEMs and energy producers that ensure consistent cyber security best practice across asset lifecycles and across an increasingly diverse energy ecosystem. 

Steven O’Sullivan is Head of Smart Cybersecurity at Enzen 

Share

Featured Articles

Monta teams up with Yesss Electrical on UK EV installations

Electrical wholesaler YESSS will recommend Monta to their base of over 1,500 installers as the charge point management platform of choice in the UK

European Commission publishes REPowerEU energy plan

European Commission's REPowerEU energy plan addresses the 'double urgency' of Russia and climate change - and will cost €210bn between now and 2027

Shell Energy Europe and Air Liquide sign renewables deal

From 2023 Air Liquide will purchase 52GWh of solar PV renewable energy a year which will be sourced from SEEL’s portfolio of solar power in Italy

Top 10 actions for reducing fossil fuel demand

Oil & Gas

EDF invests in heat pump installer CB Heating

Renewable Energy

Saudi Aramco posts $39.5bn Q1 profit

Oil & Gas