From cybersecurity to cyber safety: how can we safeguard power utilities and critical infrastructure?
Cyber safety, training, bridging the IT-OT gap and working together: the key takeaways from our recent event with PNDC
From stability to flux – the challenges
Representatives from across the utilities sector converged at Power Networks Demonstration Centre (PNDC) in Cumbernauld recently for Safeguarding Critical Infrastructure with Operational Security, a day-long event jointly hosted by PNDC and Cisco.
Delegates enjoyed a programme packed with expert insights, workshop discussions and practical demonstrations addressing the many issues facing power utilities. Digitalisation, integration and connectivity lie at the heart of future smart grid technology – but they also present major challenges in terms of confidentiality, integrity and availability. The day tackled these subjects head-on and sought to identify workable solutions.
From cybersecurity to cyber safety
It’s a given that cybersecurity is essential to all aspects of infrastructure, but while physical security and other aspects of safety are embedded into substation design from day one, cybersecurity is too often treated as a bolt-on. As security threats grow, regulations tighten, and new technologies – from electric vehicles to IoT – disrupt longstanding business models, cybersecurity must be built into substation design from the onset, marking an evolution towards cyber safety.
The morning included an in-depth industry exploration from our global expert John Stanford. Whether coping with ageing infrastructure or balancing security with regulatory compliance, a clear long-term security strategy is vital. Security teams must, therefore, take control when responding to board-level questions about compliance and risk, stating clearly what is needed and how it will benefit the entire operation, from avoiding crash over-rides to managing a mobile workforce.
Security plans must also consider the differing priorities of IT and OT requirements, which inevitably requires a better understanding of security and makes staff training essential.
Meanwhile, PNDC’s James Irwin addressed security from an academic perspective, examining which areas we need to focus on. He also discussed incident response and trust management; for more on this increasingly vital area of security, read our white paper Why is Security critical for utilities?
Like John, James also touched on the need to consider OT separately from IT – but also the intersection between OT/IT – for example, where IT-issued laptops connect to field/operational kit. You can find PNDC’s overview of the event here.
After a morning of presentations, debate and discussion, the afternoon focused on practical demonstrations at our PNDC security facility, where we tested a range of technology projects, including our own of course!
By adding ‘bad’ devices to the network, we showed how overlaying cybersecurity techniques – including access control, network visibility, threat defence and deep packet inspection – can both identify unusual behaviours and remediate threats.
Making it happen – what’s next for industry safety and security?
Throughout the day, several clear themes emerged, including the need for greater workforce education, better training and a clear utility cyber framework. Working more closely together as an industry was also identified as essential, alongside more operational security implementation and transforming operations best practice.
It was also acknowledged that in recent years, despite showing willing and considerable discussion, the industry still hasn’t moved on enough regarding security. Now is the time to put ideas into action, and the day’s gathering of peers and experts offered a timely opportunity to examine how to make progress.
What to know more?
For me, the day was all about the Art of the Possible; how communication is a vital component in securing the power utilities infrastructure and how IT techniques are now increasingly relevant to substation environments. It was also useful to explore how our solutions and approach aren’t confined to our industry but are equally workable across the whole industrial sector.
It’s a learning curve for all of us. And you can learn more too by reading our whitepaper, which discusses this approach, and the importance of the PNDC security testbed.