EDP data breach highlights need for cybersecurity
EDP, which had a revenue of almost €17.5bn in 2018, is being extorted by cybercriminals for 1,580 BTC (Bitcoin - a value of €9.9mn). Using ‘RagnarLocker’ ransomware, the attackers have encrypted the company’s systems and rendered them unusable.
The compromisation of EDP’s systems is of great significance for the global energy market - it is one of the largest electricity and gas providers in Europe, as well as the fourth-largest producer of wind energy in the world.
Defending against ransomware
With over 11mn customers in 19 countries on four continents, the scale of the attack is of truly international significance. So far, the perpetrators have threatened to leak 10 TB of sensitive information if their demands are not met.
Rob Fitzsimons, field applications engineer at Telesoft, a firm specialising in cybersecurity, said that EDP’s predicament underscores the necessity for robust digital defences, particularly as more and more people work remotely.
“EDP’s span is so vast that suffering a data breach would have huge ramifications for its reputation. That’s why it and other critical national infrastructure suppliers are prime targets.”
Whilst conceding that paying the ransom can be tempting, Fitzsimons strongly urges against taking this action, “Of course, there’s no guarantee that hackers will unencrypt data once ransoms have been paid – these aren’t typical business transactions governed by ethics.”
The sophistication of modern malware is such that it can easily pass unnoticed at the point of infection if due diligence is not being paid. Because of this, Fitzsimons states that employers and employees must coordinate a security strategy as the first line of defence.
“Defending against ransomware, particularly a highly targeted strain such as RagnarLocker which undertakes comprehensive reconnaissance of its targets before it’s actually deployed, necessitates complete visibility into network traffic.
“Any irregular activity, no matter how seemingly insignificant, could be malicious actors carrying out the groundwork for future attacks, so they must be investigated,” he said.
Making a cybersecurity plan
In a previous article, Energy Digital explored Siemens’ recommendations for enhancing cybersecurity for remote workers. As a dominant trend for contemporary workforces because of the COVID-19 pandemic, companies need to ensure that staff are adequately prepared:
Secure connections: Knowingly giving access to strictly confidential or important systems to workers who cannot guarantee security is unacceptable, therefore companies must carefully assess what plant operators require access to in order to mitigate the risk of infiltration.
Monitor anomalies: Because remote working is currently outside general ‘normal working conditions’, it may be difficult to differentiate between a cyberattack and legitimate operator usage. Careful monitoring of the system will help to establish a baseline to measure this.
Prepare an incident response plan: Workers may be off-site, ill or otherwise not able to respond in their normal capacity during a cyberattack event. Plants must factor in these changes and alter response plans accordingly.
“While the COVID-19 crisis makes these steps urgent, several long-term trends that pre-date the pandemic will drive similar changes,” Simonovich states.
These changes will include new operating models, automation and advanced training for remote workforces. Due to the unknown length of the current pandemic and its effect on global lifestyles, companies should prepare for these changes over the long-term.
For more information on energy digital topics - please take a look at the latest edition of Energy Digital Magazine.
Hydrostor receives $4m funding for A-CAES facility in Canada
Hydrostor has received $4m funding to develop a 300-500MW Advanced Compressed Air Energy Storage (A-CAES) facility in Canada.
The funding will be used to complete essential engineering and planning, and enable Hydrostor to plan construction.
The project will be modeled on Hydrostor’s commercially operating Goderich storage facility, providing up to 12 hours of energy storage.
Hydrostor’s A-CAES system supports Canada’s green economic transition by designing, building, and operating emissions-free energy storage facilities, and employing people, suppliers, and technologies from the oil and gas sector.
The Honorable Seamus O’Regan, Jr. Minister of Natural Resources, said: “Investing in clean technology will lower emissions and increase our competitiveness. This is how we get to net zero by 2050.”
A-CAES has the potential to lower greenhouse gas emissions by enabling the transition to a cleaner and more flexible electricity grid. Specifically, the low-impact and cost-effective technology will reduce the use of fossil fuels and will provide reliable and bankable energy storage solutions for utilities and regulators, while integrating renewable energy for sustainable growth.
Curtis VanWalleghem, Hydrostor’s Chief Executive Officer, said: “We are grateful for the federal government’s support of our long duration energy storage solution that is critical to enabling the clean energy transition. This made-in-Canada solution, with the support of NRCan and Sustainable Development Technology Canada, is ready to be widely deployed within Canada and globally to lower electricity rates and decarbonize the electricity sector."
The Rosamond A-CAES 500MW Project is under advanced development and targeting a 2024 launch. It is designed to turn California’s growing solar and wind resources into on-demand peak capacity while allowing for closure of fossil fuel generating stations.
Hydrostor closed US$37 million (C$49 million) in growth financing in September 2019.