A widely cited 2012 report from the World Energy Council acknowledged that the global energy sector is facing a ‘trilemma’, trying to reconcile three problems. These are to ensure future energy cyber security while simultaneously reducing carbon footprint yet keeping consumer bill rises to an acceptable minimum. All are ‘must solves’ that unfortunately also conflict with each other.
These are fundamental issues of high profile political importance, affecting the prosperity and future livelihoods of all. So it’s easy to understand why cyber security often sits a little further down the roll call of energy company priorities.
Effective cyber security of energy supplies also affects the other two aspects of the trilemma. Without it, energy providers will be less able to deploy technologies such as smart metering, integration with the Internet of Things (IoT) or ultra-responsive grid switching and management systems. All these are key aspects of reducing emissions and ensuring maximum efficiency for customers.
The trilemma is also set against a background profound technological change for the industry, with ever more Industrial Control Systems (ICS) and services being networked and connected to the internet. These changes are reflected within the consumer sector too, with the IoT revolution heralding an era of new efficiencies and monitoring benefits for domestic energy products, yet also bringing a number of new challenges along with it.
The energy and utilities sector forms a key part of critical national infrastructure, which makes it a high value target for state or non-state actors seeking to gain military or political advantage or cause chaos and disruption.
Being able to remotely disrupt a national electricity grid would have devastating effects. Therefore, defending the grid from cyber attack is a core part of ensuring energy security.
While these potential attackers might be seeking to control or disrupt energy supply and distribution, they may also have other motives, such as to cause embarrassment or compromise customer data or transactions. Thus energy companies face a diverse range of threats that differ both in goals and execution from the traditional threat map.
Energy companies and grid organizations need to be aware of the various cyber threats that face them, and accept that their strategic role in society places them in the firing line of some particularly skilled and motivated attackers, including state actors.
Due to the speed of these changes, traditional cyber security measures have been found wanting, as evidenced by the growing level of cyber breaches reported in this sector. Forward-thinking organizations must build on the effective parts of their cyber security programmes with practical solutions in order to stay one step ahead.
In our times, cyber security in the energy sector is not just a strategic issue but also an existential one. Energy companies have become prime targets for attackers, including state and non-state actors. Information security will also define the energy sector's ability to meet future challenges such as carbon reduction.
MWR provides an ideal security partner for any energy company, oil & gas firm or IoT provider confronted by the specific challenges peculiar to the energy sector.
Our research-driven approach provides deeper understanding of attacker methodologies. We have a track record in enabling established businesses to adopt a security culture by delivering security programs that deliver improved business competitiveness. Effective cyber security strategies within the sector need to be fully aligned to your business risk appetite and threat profile. We will review these and ensure that your approach contains some of the following key components:
We offer a range of solutions through our dedicated OT Security practice, including Security Assessments for ICS environments; both at the design stage and also for established systems.
For energy product manufacturers, MWR can also assess embedded devices for applications such as home automation or IoT, working with designers and developers to make sure that the product is designed at source to protect its critical assets.
In power grids, utility networks and industrial facilities, safety always trumps security. And often where effective security is required, the pressure to maintain uptime means that new features cannot be added to systems deemed too fragile to modify. Understanding this issue, MWR has developed Vision, a tool that can passively scan your ICS systems for security issues, with far less risk than before.
And for more traditional security environments within the energy sector, MWR’s Cyber Defense solutions can also secure an energy organization’s most valuable assets: its customer base and intellectual property. It’s for this reason that we use a threat-based approach to help you build a realistic view of your security posture, adopting programmes that are highly effective in practice.
Experience has taught us that if your business can resist targeted cyber-attacks from advanced nation states, it can resist cyber-attacks from almost all threat actors. The energy sector has seen more than its fair share of targeted attacks that have been attributed to nation state threat actors.
With solutions such as Targeted Attack Simulations and Countercept, delivered by consultants that truly understand the mind of an attacker, your organization can be safe in the knowledge they are using the most advanced defences to resist the most advanced attackers.
These are just a number of solutions offered by MWR to help firms in the energy sector overcome the security challenges they are facing.