AEE outlines key cyber security threats, as energy goes digital

The endless improvements which technology has brought to our energy system also come with new challenges of their own. As the economy becomes ever more reliant on virtually connected technologies, new vulnerabilities have started to emerge, and maintaining cyber security is of the utmost importance.

Models for a future energy system rely on ‘internet of things’ applications, or on sophisticated energy management software packages designed to increase efficiency – while convenient for the energy systems, the interconnected nature of the technology leaves potential for cyberattacks.

In a new report, available to download here, AEE outlines the major cyber security threats to the energy sector; and sets out best practices for all players to minimize risk and ensure the energy system is protected.

The report notes that 2016 saw the first malware program, specifically designed to target electrical grids, was used to cause a blackout in the Ukraine, and that other attacks have targeted the energy system, with the aim of gaining control over infrastructure, or access to sensitive information.

AEE outlines a set of best practices for companies, from basic actions like password maintenance and ensuring anti-virus/malware software is kept up to date, to more complex ideas, such as building networks with isolated security enclaves, regular penetration testing and message encryption.

“Recent events demonstrate that the level of cyber threats is increasing and targeting a broader range of assets, including advanced distributed energy technologies and smart grid applications,” said Kenneth Lotterhos, Managing Director for Energy at Navigant Consulting, and a contributor to the report. “Through this paper, AEE has advanced the dialog between industry and regulators to collaboratively promote the next generation of advanced energy technology solutions that are cyber-secure,”

Unless there is an ‘unforeseen event’, according to AEE, it is unlikely that a single policy for electric grid security will emerge – so it will be up to the industry to ensure its own security.

While the risks are grave, AEE is broadly positive in saying that they can easily be minimized. “There are technologies processes and operational strategies currently available that will reduce exposure to cyberattack,” reads the report’s conclusion. “With appropriate application of these protective measures, the risk of a major service outage resulting at the grid edge can be minimized.”