3 Key Principles for Cybersecurity in the New Utilities Sphere

Posted to Wipro in the Digital Utility Group
image credit: Wipro
Geoff Jue's picture
Vice President and Sector Head - Energy, Natural Resources, Utilities, Engineering & Construction Wipro

Geoff Jue is Vice President and Sector Head of Energy, Natural Resources, Utilities, Engineering & Construction for the U.S. at Wipro Limited. As P&L owner, he is chartered with growing...

  • Member since 2021
  • 1 items added with 75 views
  • Sep 22, 2021 11:15 am GMT

The utilities sector, as with virtually every other industry, is undergoing thorough technical disruption. Advancements in analytics and end-user technologies offer a world of opportunities for utility companies—and all this before 5G connectivity goes mainstream.

But as new technology provides business opportunities, it also opens up a new world of risks, often unmanaged in more traditional businesses such as utilities.

With the adoption of more connective technologies—especially those that are closer to the end-user in the distribution chain, such as smart meters—this creates more avenues for sophisticated cyberattacks. A recent survey of utility companies from Siemens and the Ponemon Institute notes that cyber risk “is worsening, with potential for severe financial, environmental, and infrastructure damage.” Moreover, when it comes to protecting themselves, industry players tend to be unprepared, or even myopic. The World Economic Forum highlighted this lack of preparedness in its 2019 report, stating, “…security of the Internet of Things was paramount to the success of Industry 4.0.”

A digitized, consumer-driven grid is certainly the future of utilities, but companies have no choice but to prepare for the increased potential for exploitation. Cybersecurity, then, should be one of the key pillars to consider ahead of these digital transformation initiatives.

Getting Ahead of Cyber Threats

Regulators have tried to keep pace with these changes as quickly as providers have. For example, the U.S. Department of Energy has already released its ES-C2M2 guidelines to help find a common starting point for utility companies.  For almost two decades, utilities have had to comply with the Critical Infrastructure Information Act, but new regulation significantly increases the burden of compliance-focused on the new edge devices.  Senate Bills 327, specific to California, sits alongside the new Californian Consumer Privacy Act (CCPA) while Senate Bill 734 amplifies the NIST 800-82 standard with the Cyber Security Framework to enshrine the need for security and privacy by design.

This regulation hints at one of the larger challenges of addressing cybersecurity in the utilities sector: digitalization has created a need to horizontally align a vast array of connected devices—many of which are outside utility companies’ control—under one security framework. Providers must account for the entire connected utilities value chain, from power generators to smart refrigerators, all with no clear accountability for owning the cybersecurity and compliance burden. The question remains: where does the handshake take place between the device manufacturer and the utilities provider?

To address these risks in the most efficient way possible, utility companies can start by measuring their competence in these key focus areas:

1. Securing smart meters.

Even with all their potential benefits, smart meters make for a particularly vulnerable asset because they’re a primary touchpoint between consumer and provider. There’s currently no industry-wide standard for smart meter security, so every utility company must take its cybersecurity infrastructure into account while drafting up a plan to make these devices as secure as possible. As a result, adherence to new IoT Security regulations often occurs in a disjointed and individualistic manner.  This process bears no resemblance to other leading economies where industry-wide agreements ensure a standardized and unified approach to solving the industry-wide paradigm.

2. Bringing consumers into the fold.

Another major disruptor in the digitalized utilities industry is more consumer-generated power production. As end-user generation devices such as solar panels become increasingly integrated into the grid, they’ll need to be secured, as well.

Utility companies should deliver clear standards and pursue collaboration with customers to ensure all potential entry points to the grid are secure. In doing so, utility companies will also have to consider the end-to-end responsibility for security management. For example. the individual households installing these devices are unlikely to deploy adequate security controls to meet enterprise demands. Therefore, overlay security solutions will be required to protect enterprise-managed assets.

3. Staying up-to-date on information technology security.

While preventing new cyber threats is critical, focus shouldn’t move away from current risks. Utility companies should make sure IT infrastructures have the necessary safeguards to handle the technological demands of a more connected grid with minimal risk.

Remember that innovative security solutions such as biometrics or embedded pattern recognition will soon become the industry standard. Companies have no choice but to ensure they are secure—this will lead utilities organisations to enhance previous physical security regimes to become cyber-physical in focus.

Cybersecurity is just one pillar for utility companies to consider during a holistic digital transformation. For more insights, read Wipro’s deep dive on Smart Grid and Utilities Transformation or contact us today for expert insight on how you can secure your operations.


Who we are

Wipro Limited is a leading global information technology, consulting, and business process services company. We harness the power of cognitive computing, hyper-automation, robotics, cloud, analytics, and emerging technologies to help our clients adapt to the digital world and make them successful. 

Growing interest in sustainable energy sources, microgrids, and distributed energy, enhanced customer-centricity, and ever-changing regulations demand new business models from the energy and utility sector.

As a leading service provider across the utility value chain, with a strong commitment to building a net-zero global economy, Wipro is helping enterprises reinvent themselves to deliver superior business performance and more sustainable outcomes. With more than 4,500 professionals working across power, gas, and water utilities, we are a trusted partner to more than 75 utility customers globally.




Connect with Wipro

Fill out this form to receive more information from Wipro.

Geoff Jue's picture
Thank Geoff for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member


Spell checking: Press the CTRL or COMMAND key then click on the underlined misspelled word.

No discussions yet. Start a discussion below.

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »