Phil Beecher, President of Wi-SUN Alliance, explains why investment in cybersecurity across utility networks is a priority. However, it must extend from the customer grid edge to the network, substation and data centre. It requires a multi-layered approach to security.
The utilities sector continues to undergo profound changes. That means organisations are being challenged in new ways as IT and OT (operational technology) environments become more integrated and complex. Introducing connected devices and components across grid operations and networks has expanded the attack surface and exposed them to the risk of cyberattacks.
Cybersecurity is now a priority as the cost of a breach rises
Our research among senior professionals from utility companies earlier this year shows that cybersecurity investment is a priority for those looking to enhance interoperability and connectivity for large-scale IoT projects.
Respondents were asked to list their top strategic initiatives for the next five years. 41% cited security enhancement as the number one choice. It was closely followed by customer-centric services, renewable energy integration, and building infrastructure resilience.
This reflected concerns raised in our 2022 Journey to IoT Maturity report. It highlighted the growing importance of security and data privacy for IoT adopters.
Cyberattacks on critical national infrastructure (CNI), including power plants and electricity networks, are rising. Nation-state threats against US CNI, including the power grid, were highlighted in reports this year, showing how exposed systems are.
The International Energy Agency (IEA) also highlights the growth in cyberattacks on utilities since 2018. They reached what it calls “alarmingly high levels in 2022 following Russia’s invasion of Ukraine”. Such attacks have disabled remote controls for wind farms, disrupted prepaid meters due to unavailable IT systems and led to serious breaches exposing customers’ personal information.
IBM’s Cost of a Data Breach Report 2024 reports that the average cost of a data breach has surged. It now sits at $4.88 million in 2024, up 10% from the previous year. While healthcare remains the sector with the highest average data breach cost, the energy sector is among the highest.
We have also witnessed the impact of extreme weather events on utilities. The number of power outages in the US has doubled over the past two decades. These are often caused by natural disasters and have devastating consequences for communities and businesses.
This combination of an expanding attack surface, nation-state threats and extreme weather requires robust cybersecurity measures to be a priority to ensure grid resilience.
Multi-layered approach: Prevent, detect, correct
Protecting the grid from threats needs a multi-layered approach. This means implementing security measures at every level of the utility network, from the customer grid edge to the Field Area Network (FAN), the substation and to the data centre.
For a multi-layered approach to be effective, it should have a combination of measures, including:
- Preventive measures – strong access controls and encryption can deter unauthorised access to critical systems and data.
- Detective measures – like intrusion detection systems and log monitoring, can help identify suspicious activity and potential threats.
- Corrective measures – such as incident response plans and disaster recovery procedures, can mitigate the impact of a successful attack. Interestingly, respondents to our recent utility research also highlighted this need for disaster response and recovery planning.
Integrating AI technologies
Energy companies and utilities are already exploring the potential for AI technologies as part of cybersecurity efforts. By analysing huge amounts of data, AI tools can help identify patterns that indicate a cyberattack. The technology can also automate security tasks, from vulnerability scanning to patch management, freeing up resources to focus on strategic initiatives.
According to our research this year, energy professionals certainly see the value of integrating AI technologies into their network infrastructure. The use cases range from energy consumption forecasting to automated fault detection and grid optimisation.
Such applications also have the potential to enhance security by providing real-time insights into network operations and identifying anomalies. AI-powered energy consumption forecasting, for example, could help detect unusual energy use patterns, a sign of unauthorised access or data manipulation.
Automated fault detection could pinpoint vulnerabilities in the system that hackers could exploit. Grid optimisation can ensure the network operates efficiently, reducing the risk of outages caused by attacks and improving grid efficiency and resiliency.
Confidence in the network
Open standards and interoperability play an important role in utilities today. They ensure different devices and applications can communicate and work together seamlessly. That simplifies the implementation and management of security measures across the entire network. It also offers utilities a choice when it comes to device manufacturers, helping to drive innovation in the market.
They need confidence in the wireless communications network they use for IoT devices, sensors and applications. It must be reliable and resilient in the face of an attack. Interoperability, vendor choice, and enterprise-grade security are critical. IoT technologies cannot function or communicate properly without a secure and resilient network.
Wi-SUN Alliance is a global non-profit member-based association made up of industry leading companies. Its mission is to drive the global proliferation of interoperable wireless solutions for use in smart cities, smart grids and other Internet of Things (IoT) applications using open global standards from organizations, such as IEEE, IETF, TIA, TTC and ETSI. With 300 members worldwide, membership of the Wi-SUN Alliance is open to all industry stakeholders and includes silicon vendors, product vendors, services providers, utilities, universities, enterprises and municipalities and local government organisations. For more information, visit: www.wi-sun.org.