Siemens: cybersecurity for energy during COVID-19

By William Girling
Following on from Energy Digital’s...

Following on from Energy Digital’s last article on Siemens, the company has released a prudent guide to cybersecurity during remote working.

Recognising that working from home has taken on vastly greater significance for the energy industry because of the COVID-19 pandemic, Leo Simonovich, Global Head of Industrial Cybersecurity, believes that executives face a two-fold challenge of safety and security.

“By accessing critical plant production and grid networks from homes, employees raise the risk of a possible second wave crisis: rolling outages and safety events when keeping the lights on matters most,” said Simonovich.

“Attackers will attempt to exploit the rush to remote systems, understaffed facilities, and new ways of working.”

Understanding the threat

Although enterprise systems are always under a certain degree of threat from cyberattacks, workers trying to keep utilities functioning correctly may be working in sub-optimal conditions that amplify security faults.

Some of these include unsecured internet connections and human-error caused by a different way of working (i.e. a change in workspace setup which renders once-familiar tasks difficult or confusing). 

For this reason, Simonovich advocates, energy companies must thoroughly asses each procedure and determine which are safe to operate by a worker remotely and those which are not. 


“Cybersecurity is as strong as its weakest link,” he continues. “Ensuring that partner systems work from a shared roadmap will help utilities assess and improve security. Failing to consider partners’ cybersecurity leaves a potentially large blind spot in your defences.”

Establishing a response

After understanding where the increased risk of cyberthreats comes from, Siemens recommends setting up a clear three-pronged approach to bolter defences: 

Secure connections: Knowingly giving access to strictly confidential or important systems to workers who cannot guarantee security is unacceptable, therefore companies must carefully assess what plant operators require access to in order to mitigate the risk of infiltration.

Monitor anomalies: Because remote working is currently outside general ‘normal working conditions’, it may be difficult to differentiate between a cyberattack and legitimate operator usage. Careful monitoring of the system will help to establish a baseline to measure this.

Prepare an incident response plan: Workers may be off-site, ill or otherwise not able to respond in their normal capacity during a cyberattack event. Plants must factor in these changes and alter response plans accordingly.

“While the COVID-19 crisis makes these steps urgent, several long-term trends that pre-date the pandemic will drive similar changes,” Simonovich states. 

These changes will include new operating models, automation and advanced training for remote workforces. Due to the unknown length of the current pandemic and its effect on global lifestyles, companies should prepare for these changes over the long-term.

For more information on energy digital topics - please take a look at the latest edition of Energy Digital Magazine.

Follow us on LinkedIn and Twitter.


Featured Articles

Alfa Laval to supply world’s largest green hydrogen plant

The facility is being built in NEOM, the US$500bn futuristic city being developed in Saudi Arabia

COP27 agrees to climate compensation fund

The deal is said to be a historic first in acknowledging the vast inequities of the climate crisis

North America's natural gas can help mitigate energy crisis

In the effort towards decarbonisation, North America could be a key player in providing affordable natural gas, addressing energy security issues

COP27: Egypt and Norway to build 100MW green hydrogen plant

Renewable Energy

Renewable energy company Masdar opens office in Saudi Arabia

Renewable Energy

Ørsted closes US$140m transaction with ECP for US portfolio

Renewable Energy