Data Security for Utilities in the Age of Digital Transformation
- Jul 14, 2021 11:32 am GMT
The Internet of Things (IoT) has been a significant part of the ongoing fourth industrial revolution. Connected devices that allow companies to collect operational data, increase product efficiency, and improve customer experiences are growing in popularity and use. By 2025, there are expected to be over 75 billion connected devices in use globally.
The transformation of the utilities sector
Through the use of IoT devices and infrastructure such as smart metering, utility businesses have been able to effectively and accurately collect and analyze valuable data on crucial performance metrics such as water and gas pressure, efficiency, and usage.
However, as digital transformation expands the service capabilities of utilities, it also gives malicious actors a greater attack surface to steal or tamper with sensitive business and operations data.
A study by Ponemon and Siemens revealed that 56% of utilities faced at least one instance of shutdown or data loss each year due to a security breach. For organizations, this indicates a lack of preparation and a vulnerability that is not discussed as often as it should be.
The 3 crucial components of data security
The utilities sector is responsible for managing massive amounts of business and customer data. This data ebbs and flows throughout the entire value chain as it makes its way from the smart meter, to the boardroom or market participant. As a result of the dynamic nature of data collection, management and use, organizations find it difficult to define the scope of their cybersecurity coverage.
In fact, 56% of organizations indicated that they lack any form of insight into real-time, actionable security intelligence. For businesses to close this gap, they must first recognize that data exists in three states—at rest, in use, and in motion—and each of these states requires a unique approach to achieve high levels of data security.
Data at rest: “At rest” refers to the state of data when it is not being actively transferred from one system to another. Traditionally, this data sits on hardware and servers, but cloud storage has become more popular in recent years. This data is at the mercy of the security protocols that exist on the platform it is saved on.
Data in use: When data is opened, accessed, or processed, this changes the data’s state from “at rest” to “in use.” Companies often use some form of authentication to restrict access to this data. However, this can be challenging for utilities since smart meters, connected home devices, and data transmitters are usually embedded into public infrastructure and customer homes.
Data in motion: Regardless of where data is stored, at some point, this data needs to be shared for analysis or reference. As information moves through networks and communication channels, it is considered to be “in motion.” When data is in this state, data managers and IT leaders must ensure that the communication channels used are secure and that the data has end-to-end encryption so that only the intended recipient can access the shared information.
How to keep your data safe when at rest, in use, and in motion
Define the infrastructure needed to protect data at rest
Securing data at rest can be a challenging task for businesses that have their data stored in multiple locations without a clear understanding of the security requirements of each set of data. For companies to tackle this, the pools of data that exist in various locations must be classified according to their importance to business continuity. Once business leaders have clarity on what each data set holds and how important it is to the business, security protocols can be decided and implemented accordingly. However, the static nature of this data means that proactively monitoring internal and external threats is crucial for long-term data security.
Keep data in use safe with a zero trust security architecture
The easiest way for businesses to ensure that data in use is kept safe is to adopt a zero trust security architecture. This limits access to potentially sensitive documents and data. With a zero trust architecture, individuals within or outside the organization must confirm their identity before they are given access to the requested information. Managers have to implement access guidelines based on each employee’s need and job scope, limiting access to sensitive documents to those who really need them.
Ensure proper encryption standards for data in motion
The utilities sector is rapidly increasing the use of connected devices and integrated technologies to improve the service they provide to their customers. This data is constantly being transported from one device to another. Therefore, business leaders must ensure that it cannot be intercepted or accessed by employees at intermediary data transmission service providers. To protect sensitive business and customer data from prying eyes, utilities must encrypt data using protected tunnels, such as a unidirectional security gateway for OT/IT integration, HTTPS, SSL/Transport Layer Security, or dedicated VPNs to protect not just the data, but the channel through which that data is transported.
Using fully integrated data from sensors, smart meters, and OT and IT applications, utilities can increase value for customers through personalized services, accurate usage readings, and improved analytics. This requires adherence to the best practices we’ve outlined here, enabling a dynamic and comprehensive data security plan to be built, ensuring high levels of security regardless of the data’s state and location.
Get Published - Build a Following
The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.
If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.