Siemens: cybersecurity for energy during COVID-19

By William Girling
Following on from Energy Digital’s...

Following on from Energy Digital’s last article on Siemens, the company has released a prudent guide to cybersecurity during remote working.

Recognising that working from home has taken on vastly greater significance for the energy industry because of the COVID-19 pandemic, Leo Simonovich, Global Head of Industrial Cybersecurity, believes that executives face a two-fold challenge of safety and security.

“By accessing critical plant production and grid networks from homes, employees raise the risk of a possible second wave crisis: rolling outages and safety events when keeping the lights on matters most,” said Simonovich.

“Attackers will attempt to exploit the rush to remote systems, understaffed facilities, and new ways of working.”

Understanding the threat

Although enterprise systems are always under a certain degree of threat from cyberattacks, workers trying to keep utilities functioning correctly may be working in sub-optimal conditions that amplify security faults.

Some of these include unsecured internet connections and human-error caused by a different way of working (i.e. a change in workspace setup which renders once-familiar tasks difficult or confusing). 

For this reason, Simonovich advocates, energy companies must thoroughly asses each procedure and determine which are safe to operate by a worker remotely and those which are not. 

SEE ALSO:

“Cybersecurity is as strong as its weakest link,” he continues. “Ensuring that partner systems work from a shared roadmap will help utilities assess and improve security. Failing to consider partners’ cybersecurity leaves a potentially large blind spot in your defences.”

Establishing a response

After understanding where the increased risk of cyberthreats comes from, Siemens recommends setting up a clear three-pronged approach to bolter defences: 

Secure connections: Knowingly giving access to strictly confidential or important systems to workers who cannot guarantee security is unacceptable, therefore companies must carefully assess what plant operators require access to in order to mitigate the risk of infiltration.

Monitor anomalies: Because remote working is currently outside general ‘normal working conditions’, it may be difficult to differentiate between a cyberattack and legitimate operator usage. Careful monitoring of the system will help to establish a baseline to measure this.

Prepare an incident response plan: Workers may be off-site, ill or otherwise not able to respond in their normal capacity during a cyberattack event. Plants must factor in these changes and alter response plans accordingly.

“While the COVID-19 crisis makes these steps urgent, several long-term trends that pre-date the pandemic will drive similar changes,” Simonovich states. 

These changes will include new operating models, automation and advanced training for remote workforces. Due to the unknown length of the current pandemic and its effect on global lifestyles, companies should prepare for these changes over the long-term.

For more information on energy digital topics - please take a look at the latest edition of Energy Digital Magazine.

Follow us on LinkedIn and Twitter.

Share

Featured Articles

Who is Greg Joiner, the new Head of Shell Energy?

Joiner will be formally be appointed as Shell Energy’s EVP on 1 April following a reshuffle of the division's top team

Watershed Workshop at Sustainability LIVE: Net Zero

Hosted on Day 1 of Sustainability LIVE: Net Zero, Watershed’s session was overflowing with ideas that apply to supply chain decarbonisation

Capgemini Invent Workshop at Sustainability LIVE: Net Zero

Explore how Capgemini Invent's workshop on Day 1 of Sustainability LIVE: Net Zero delved into climate adaptation & social sustainability for futureproofing

Energy Highlights from Sustainability LIVE: Net Zero

Sustainability

Sustainability LIVE: Leading ESG and Net Zero

Sustainability

International Women’s Day: Women in Energy with Julia Souder

Renewable Energy