Siemens: cybersecurity for energy during COVID-19

By William Girling
Following on from Energy Digital’s...

Following on from Energy Digital’s last article on Siemens, the company has released a prudent guide to cybersecurity during remote working.

Recognising that working from home has taken on vastly greater significance for the energy industry because of the COVID-19 pandemic, Leo Simonovich, Global Head of Industrial Cybersecurity, believes that executives face a two-fold challenge of safety and security.

“By accessing critical plant production and grid networks from homes, employees raise the risk of a possible second wave crisis: rolling outages and safety events when keeping the lights on matters most,” said Simonovich.

“Attackers will attempt to exploit the rush to remote systems, understaffed facilities, and new ways of working.”

Understanding the threat

Although enterprise systems are always under a certain degree of threat from cyberattacks, workers trying to keep utilities functioning correctly may be working in sub-optimal conditions that amplify security faults.

Some of these include unsecured internet connections and human-error caused by a different way of working (i.e. a change in workspace setup which renders once-familiar tasks difficult or confusing). 

For this reason, Simonovich advocates, energy companies must thoroughly asses each procedure and determine which are safe to operate by a worker remotely and those which are not. 


“Cybersecurity is as strong as its weakest link,” he continues. “Ensuring that partner systems work from a shared roadmap will help utilities assess and improve security. Failing to consider partners’ cybersecurity leaves a potentially large blind spot in your defences.”

Establishing a response

After understanding where the increased risk of cyberthreats comes from, Siemens recommends setting up a clear three-pronged approach to bolter defences: 

Secure connections: Knowingly giving access to strictly confidential or important systems to workers who cannot guarantee security is unacceptable, therefore companies must carefully assess what plant operators require access to in order to mitigate the risk of infiltration.

Monitor anomalies: Because remote working is currently outside general ‘normal working conditions’, it may be difficult to differentiate between a cyberattack and legitimate operator usage. Careful monitoring of the system will help to establish a baseline to measure this.

Prepare an incident response plan: Workers may be off-site, ill or otherwise not able to respond in their normal capacity during a cyberattack event. Plants must factor in these changes and alter response plans accordingly.

“While the COVID-19 crisis makes these steps urgent, several long-term trends that pre-date the pandemic will drive similar changes,” Simonovich states. 

These changes will include new operating models, automation and advanced training for remote workforces. Due to the unknown length of the current pandemic and its effect on global lifestyles, companies should prepare for these changes over the long-term.

For more information on energy digital topics - please take a look at the latest edition of Energy Digital Magazine.

Follow us on LinkedIn and Twitter.


Featured Articles

ABB scoops global energy automation technology award

ABB excels in innovating subsea systems and electrification services and providing underwater control solutions according to Frost & Sullivan

INEOS Köln awarded €770,000 for green hydrogen study

State funding will support feasibility study for the construction of 100MW water electrolysis plant for green hydrogen at the INEOS site in Köln

UK receives £2.7bn upfront funding to boost grid capacity

Ofgem's proposed package totals £20.9bn as part of its five-year vision to build reliable and clean energy

Poland and Germany best placed for gas-to-coal switch

Oil & Gas

Leclanché fire retardant additive cuts battery fire risk

Renewable Energy

DP World receives first all-electric terminal tractor