How The Energy Sector Can Prevent Cyber Attacks

Ethan Pratt
Director Framestr

I've worked in the energy sector for over 10 years across all industry sectors.

  • Feb 24, 2020

Energy companies have traditionally been at the cutting edge of technological advances, but with those advances, utilities open themselves up to potential hazards. The energy sector spans several areas of industry, among them oil and gas producers and electrical companies. As more of these companies start to delve into new technology such as IoT devices, they open the door to malicious actors. This innovation could be a problem: as The Financial Times states, the biggest threat to the energy sector today is compromised IT systems that control the supply and distribution of power.

The Cost of Innovation

Cybercrime has caused severe damage to some companies. Accenture notes that as many as 80% of businesses are introducing innovations ahead of their IT departments' ability to secure their networks. A similar situation arises with companies in the energy industry. The interconnectivity of energy systems is crucial to developing efficient methods of monitoring and distribution on an electrical grid. Power systems form part of the critical infrastructure for a nation or community, and targeting local assets on this scale can lead to widespread panic and chaos. The introduction of new technology into power generation and supply companies needs to be matched with the requisite increase in cybersecurity.

Learning From Prior Mistakes

The BBC covered a power outage in Ukraine in December of 2015 that affected over 225,000 people and was blamed on hackers breaking into the company's systems. The sophisticated attack started with the installation of malware onto the company's systems, which then allowed malicious users access to the power company's network. Once they achieved control over the system, the malicious actors were able to flip switches at will, cutting power to several areas of western Ukraine.

What this attack demonstrates is how vulnerable energy sector companies can be if breaches happen on their primary network. The attack wasn't something that an unskilled or untrained user could perform, but it was the first recorded incident of hackers gaining access to a utility and shutting it down. Things have only worsened since then. In March of 2019, a "cyber event" occurred in the US, resulting in power disruption to California, Wyoming, and Utah. With these events foremost in the minds of utility providers, any attempt at innovating through the use of new connected devices needs to come with the implementation of proper security measures.

IoT Security in Energy Sector Usage

IoT devices have made their way into several areas of energy distribution. Utility companies have utilized smart meters to help with the flow and delivery of electricity. These IoT devices are useful, but they also present a genuine threat to the security of utility companies. Security Boulevard mentions that there are inherent problems with the security of IoT devices, which will propagate when utility companies start using them to collect data and make their plants more efficient. For utility companies to deal with this threat preemptively, they need to focus on securing their IoT systems.

Malicious actors can quickly gain entry into a system through an unsecured IoT device. In such a case, ransomware or other malicious software could be installed, and it would require IT teams to find a detailed description to remove or deal with these threats. Depending on how severe the risk is and how serious the actors involved are, by the time the cybersecurity team responds to the danger, it may be too late. The US Justice Department has even addressed the issue directly, telling consumers to be aware of the threats their IoT devices pose to their home networks. Utilities are at similar risk since some of these exploits are common to all IoT devices.

Dealing With the Threats

The threats exist, and knowing that they're there allows utility companies to take an active stance when dealing with them. States such as California and Texas have already instituted legislation to ensure that IoT security is a priority for their utility providers. The U.S. Chamber of Commerce is hard at work devising an industrial IoT security guide for companies to follow. Companies themselves can be proactive about instituting security by using public key infrastructure (PKI). By establishing PKI, the company creates an identity-based system that is difficult to bypass. Just because IoT presents some security issues doesn't mean companies should be afraid of innovating. They just need to take the proper precautions to deal with the inherent threats of doing so.

Matt Chester on Feb 24, 2020

The threats exist, and knowing that they're there allows utility companies to take an active stance when dealing with them

Very true-- no matter what you do, these threats are going to be out there, that's just the world we live in. So all utilities must make protection against them a high priority, fund them appropriately, and do what they can for actual security and not just compliance. 

How would you compare the preparedness of U.S. utilities generally to, say, utilities in other nations?
