Home Security Warnings of rising security threat to utilities
Warnings of rising security threat to utilities Image courtesy of Stuart Miles at FreeDigitalPhotos.net Featured

Increasing complexity within the monitoring and control core infrastructures of Australia’s utility operators may make them more susceptible to cyber attacks that could cause widespread disruption across the country, according to a warning from industry experts.

Speaking during an industry round-table discussion in Sydney on cybersecurity in the utilities sector, Ivan Fernandez, industry director at analyst firm Frost & Sullivan, said that for electricity generators and distributors, complexity is being created by the growing number of small producers feeding power into the grid.

According to Fernandez, the output from wind farms and solar arrays must be carefully monitored and controlled to ensure that they do not have a detrimental impact on stability. However, this control may well be the subject of cyber attacks.

“In the area of water supply, the growing number of sensors and automated controls is leading to more interconnected grids. Operators must juggle the challenges of maintaining supply and efficiency with preventing cyber attacks against essential infrastructure.

“What we are talking about is a rapidly increasing attack surface for cybercriminals. Infrastructures which, until now, have operated in isolation are being connected in ways never before imagined.”

Fernandez cites Energy Networks Australia and the CSIRO estimates that more than 40% of customers would have adopted on-site generation by 2027.

“In addition, the mainstreaming of smart meters opens up more security issues that will need to be addressed,” he warns.

In the water sector, Fernandez says water providers are increasingly shifting to decentralised treatment plants, more complex recycling and resource-recovery systems, as well as smart water meters – all of which require increasing levels of connectivity for monitoring and control.

“We are likely to see a rising number of cyberattacks directed at the SCADA systems that sit at the heart of these infrastructures,” he says. “They will be open to threats with which they were never designed to withstand. It’s a clash between traditional operational technology and new information technology.”

And another industry executive, Giovanni Polizzi, Energy Solutions Manager at technology company, Indra, says the challenge of implementing effective security is becoming even greater with the emergence of the Internet of Things.

“You have a growing number of devices across the utility infrastructure that have never before been connected to the internet,” he says. “This may create security issues as it opens new opportunities for cyber criminals to launch attacks.”

According to Polizzi, operators of OT systems need to “look to the IT world to understand the types of preventive security measures they need to put in place”.

“A close collaboration between IT and OT teams is the best way to understand the challenges being faced and the steps required to overcome them, but also a great opportunity to strengthen the security of the entire infrastructure, IT and OT,” Polizzi says.

Urgent action is required to address security issues in the utility sector, according to Phil Kernick, chief technology officer at CQR Consulting, who says the cyber security challenges within utilities are not something that will emerge in the future, but need to be addressed immediately.

“Overall, security in this area is not being done well right now,” he says. “It tends to be managed by control engineers who have limited experience in the area, and this is a situation that needs to be addressed as quickly as possible.”

Kernick says an economic imperative needs to be found for utility operators to get their cybersecurity up to scratch because, at the moment, this doesn’t exist.

“Utility companies are profit driven and so why should they be expected to volunteer to spend more on IT security? There could be an argument that this is a situation where government needs to step in and wield a big regulatory stick.”

Carsten Rudolph, Associate Professor at Monash University and director, Oceania Cyber Security Centre, told the conference that while high-profile cyber attacks tend to gain the most attention from those in the sector, “this is not where the minds of management should be focused”.

“Utility companies need to be focused on identifying and putting in place the necessary protective mechanisms that will counter the threats,” he says. “Operators also need to be able to identify attacks as soon as they occur and undertake remediation. It’s not realistic to expect to be able to build totally secure infrastructures, so being able to react quickly is vital.”

And Scott Robertson, vice-president, Asia Pacific and Japan at security company, Zscaler, sounded a relatively positive note, saying that while the security challenge can appear somewhat daunting, tackling the issue of cyber security doesn’t have to be a difficult process for utility companies.

“We are certainly not saying that they have to triple their spending on security measures,” he says. “Tools already exist that allow preventive measures to be put in place quickly and effectively. It’s a matter of establishing where the threats exist and selecting the best tools for the job.”

47 REASONS TO ATTEND YOW! 2018

With 4 keynotes + 33 talks + 10 in-depth workshops from world-class speakers, YOW! is your chance to learn more about the latest software trends, practices and technologies and interact with many of the people who created them.

Speakers this year include Anita Sengupta (Rocket Scientist and Sr. VP Engineering at Hyperloop One), Brendan Gregg (Sr. Performance Architect Netflix), Jessica Kerr (Developer, Speaker, Writer and Lead Engineer at Atomist) and Kent Beck (Author Extreme Programming, Test Driven Development).

YOW! 2018 is a great place to network with the best and brightest software developers in Australia. You’ll be amazed by the great ideas (and perhaps great talent) you’ll take back to the office!

Register now for YOW! Conference

· Sydney 29-30 November
· Brisbane 3-4 December
· Melbourne 6-7 December

Register now for YOW! Workshops

· Sydney 27-28 November
· Melbourne 4-5 December

REGISTER NOW!

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

Peter Dinham

Peter Dinham is a co-founder of iTWire and a 35-year veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).

 

Popular News

 

Telecommunications

 

Sponsored News

 

 

 

 

Connect