Energy grids compromised by poor cybersecurity measures


Energy grids are in the pipeline for a technological revamp, with the potential for smart readers to automatically manage and maintain supply and demand levels. But until then, and in their current industrial state, grids are under threat of imminent cybersecurity attacks.

According to Phil Kernick of CQR Consulting, the energy systems in place are outdated and are not equipped to keep up with the rapidly-changing trends in cybersecurity, in particular, how advanced hackers have become in recent years.

He said: “The distribution systems and the generation systems were deployed a decade and a half ago and are not scheduled for change for another decade and a half.

“With a few notable exceptions, there are no standards that are deployed in the energy sector in the control environment. None. No governance. No policies. No procedures. No documentation. It’s just built the way it was built over the last 20 years by the people who built it. It’s the IT of the 1980s and 90s writ large in the energy sector today.”

Energy providers are looking towards a transformative approach in increasing complexity by implementing smart grids but are undermined by the lack of training or qualification in operational technology (OT) cybersecurity to support the developments.

However, Kernick is optimistic about the future integration of OT with IT, and hopes that there will be more training for board level executives regarding the cybersecurity measures needed to secure the energy grids.

“Five years ago, we couldn’t convince the board of these organisations to talk about, to even consider cybersecurity as a concept. Now they see it as directly linked to the revenue generation and profitability of the organisations,” he commented.

Despite Kernick’s claims, it appears as though efforts are being made around the world to improve security measures. In particular, the US government has made public statements warning those in the energy industry to increase security measures.

Investors at GE Ventures have raised 12 million USD for Xage, a cyber start-up company that makes use of blockchain technology to connect machines in oil wells to smart meters across America.

The initiative comes as a result of the concerns raised over suspected Russian cyberattacks on internet-connected industrial equipment, which has allowed criminals to exploit ransomware and network interruptions for the sake of financial benefits.

Xage’s chief executive Duncan Greatwood, having previously worked at Apple, noted that such security measures were imperative if those in the energy sector wanted to benefit from remote technologies, at the risk of hackers intervening at any point.

“Even two years ago most of these facilities were just disconnected from the outside world and the risk was kind of contained. [However now, there is a] level of exposure that never existed before. If they get compromised in a particular place, it affects not just two or three drills but 20,000 of them.”

About Lee Hazell

Lee Hazell is a cyber security consultant with a keen interest in anything tech or security related. Follow Lee on .

Leave a Reply

Your email address will not be published. Required fields are marked *