The challenge of cyber security in the energy industry
The energy industry is going through some momentous changes, including a process of rapid digitalisation reflected in the growing number of devices on the ‘smart grid’ and an increase in the number of ‘prosumers’ able to import and export their own electricity to the grid.
Digitisation brings huge benefits but also can present risks to our infrastructure, not just in relation to information technology (such as data protection, firewalls and email monitoring) but also operational technology (OT) - the hardware used to generate our electricity.
The complexity of managing power systems provides a number of challenges for the energy industry and its operators as the supply chain becomes ever more reliant upon IT systems to operate.
One standout challenge is where electricity generators are working with legacy systems which do not match the latest manufactured security products. Updating an out of date industrial control, OT system, with its lack of interactivity means updates can take months to implement. Some energy companies turn to patching their IT systems but this has not always proved to be reliable, so opportunities for security threats remain.
So how does the energy industry employ operational resilience to approach these challenges and protect itself against attack?
Energy UK is bringing the necessary stakeholders together to ensure a more joined up approach to cyber security in the energy industry:
- Security vendors are working more closely with operators to ensure products are bespoke to fit power assets.
- Training is being rolled out to ensure employees are aware of the risks and correct action in order to protect information and systems.
- The industry is working with the Government to ensure new directives, standards and regulations around cyber security make the UK energy market safe and secure for operators and consumers.
- Industry is taking part in Government backed accreditation programmes like the Cyber Essentials scheme which is being rolled out.
In the next decade, the energy industry is going to see traditional market models being superseded by reformed market regimes based on masses of data and technologies such as blockchain. Whilst these present exciting opportunities to improve services, becoming cyber resilient is a necessary accompanying step so that as the UK energy market becomes more digitally focused, connected products and services are secure for generators and consumers alike.