Siemens: cybersecurity for energy during COVID-19

By William Girling
Following on from Energy Digital’s...

Following on from Energy Digital’s last article on Siemens, the company has released a prudent guide to cybersecurity during remote working.

Recognising that working from home has taken on vastly greater significance for the energy industry because of the COVID-19 pandemic, Leo Simonovich, Global Head of Industrial Cybersecurity, believes that executives face a two-fold challenge of safety and security.

“By accessing critical plant production and grid networks from homes, employees raise the risk of a possible second wave crisis: rolling outages and safety events when keeping the lights on matters most,” said Simonovich.

“Attackers will attempt to exploit the rush to remote systems, understaffed facilities, and new ways of working.”

Understanding the threat

Although enterprise systems are always under a certain degree of threat from cyberattacks, workers trying to keep utilities functioning correctly may be working in sub-optimal conditions that amplify security faults.

Some of these include unsecured internet connections and human-error caused by a different way of working (i.e. a change in workspace setup which renders once-familiar tasks difficult or confusing). 

For this reason, Simonovich advocates, energy companies must thoroughly asses each procedure and determine which are safe to operate by a worker remotely and those which are not. 

SEE ALSO:

“Cybersecurity is as strong as its weakest link,” he continues. “Ensuring that partner systems work from a shared roadmap will help utilities assess and improve security. Failing to consider partners’ cybersecurity leaves a potentially large blind spot in your defences.”

Establishing a response

After understanding where the increased risk of cyberthreats comes from, Siemens recommends setting up a clear three-pronged approach to bolter defences: 

Secure connections: Knowingly giving access to strictly confidential or important systems to workers who cannot guarantee security is unacceptable, therefore companies must carefully assess what plant operators require access to in order to mitigate the risk of infiltration.

Monitor anomalies: Because remote working is currently outside general ‘normal working conditions’, it may be difficult to differentiate between a cyberattack and legitimate operator usage. Careful monitoring of the system will help to establish a baseline to measure this.

Prepare an incident response plan: Workers may be off-site, ill or otherwise not able to respond in their normal capacity during a cyberattack event. Plants must factor in these changes and alter response plans accordingly.

“While the COVID-19 crisis makes these steps urgent, several long-term trends that pre-date the pandemic will drive similar changes,” Simonovich states. 

These changes will include new operating models, automation and advanced training for remote workforces. Due to the unknown length of the current pandemic and its effect on global lifestyles, companies should prepare for these changes over the long-term.

For more information on energy digital topics - please take a look at the latest edition of Energy Digital Magazine.

Follow us on LinkedIn and Twitter.

Share

Featured Articles

UK Government awards £54mn in heat network funding

Funding will support the development of schemes in London, Bedfordshire and Woking that use low-carbon heat sources

Shell posts $11.5bn second quarter profit

Shell's earnings fuelled by ongoing price rises and geopolitical instability as the energy major places greater focus on natural gas investments

bp opens first electric truck fast-charging facilities

Operated by bp’s Aral brand, the retail site at Schwegenheim in Rheinland-Pfalz has two 300kw chargers intended for electric trucks

Shell commits to developing Jackdaw gas field in North Sea

Oil & Gas

Prospex Energy raises £1.87m for Selva gas field development

Oil & Gas

Shanghai Electric Group launches low carbon business

Utilities