Cyber security
for smart energy
and renewables

The digitization of the grid, along with renewable energy infrastructure such as solar and wind farms, will serve to enhance the performance, controllability and security of hugely important and strategic assets while building in reliability and resilience. But as with all "connected" infrastructure, there are hidden vulnerabilities.

A cyber attack on a power grid in Ukraine's capital Kyiv in 2015 is the first-ever recorded incident of a blackout caused by a malicious cyber hack. The offense left more than 230,000 residents without power for between one and six hours after attackers managed to hijack staff information to gain access to the Supervisory Control and Data Acquisition network that controlled the grid. According to experts investigating the incident, it started with a spear-phishing campaign against information technology (IT) staff and system administrators responsible for distributing electricity throughout the city.

This high-profile attack demonstrates the vulnerabilities that can exist in smart grid infrastructure. It may seem like an exceptional case, but in fact cyber attacks are more common than evidenced, as most breaches go unreported.

As smart grids proliferate and the number of interconnections increases—such as to distributed renewable energy plants, aggregated distributed resources (rooftop solar) and smart meters—the larger the so-called "attack surface" becomes.

Renewable energy cyber security attacks can occur in a myriad of ways. For example, phishing emails may be targeted at unsuspecting staff with cleverly disguised malicious links containing malware or ransomware. A denial-of-service attack may see a perpetrator hack into a system and block staff access while taking control themselves. False data can be injected into information flows, creating a false narrative of events resulting in bad decisions. And "cascading" can be a serious problem whereby one system is infected and quickly passes onto a secondary and backup one, creating a large-scale blackout that is hard to reverse.

A report by the Renewables Consulting Group highlights how, in particular, remote management of renewable energy infrastructure can create new vulnerabilities. As the report notes, control is often exerted through public IP addresses, which can leave operational, maintenance and monitoring software open to attack. Once they gain access, attackers can steal sensitive data and cause physical damage or shut down operations altogether through repetitive operational commands on moving components.

Hardware firewalls, layers of encryption and multi-factor authentication are typically the most common threat mitigation strategies, but there are others.

Large-scale attacks like the one that happened in Ukraine tend to take attackers more time, providing opportunities to shut them down before the threat is fully realized. Network monitoring tools that randomly check data samples to see if traffic is going to suspicious locations in and around a network can identify and stop an attack like this in its tracks.

Known as network threat monitoring, it can compare the data flow samples to an in-house extensive threat library and decipher suspicious patterns and potential security gaps that may be early indicators of a compromise, network problem or misconfiguration. Notably, this solution doesn't require additional hardware or software, just IP addresses, which can be preferable for some organizations. Plus, utilities can benefit from access to a system that is continually being updated with information about new threat vectors.

Similarly, advanced analytics of systems can help single out potential attacks early, providing confidence as the digital footprint of the utility and grid expands. Managed security services can single out critical threat data and help organizations act before there is a serious impact on operations.

This solution has several benefits, including reducing security concerns because experts have the systems covered, allowing you to focus more attention on core customer-centric business goals. Furthermore, incident data can be quickly generated for analysis through a simple portal, with actionable information from logs or events made available so the most imminent threats can be escalated for action.

It's important not to neglect mobile security. Operators and engineers out in the field are increasingly making use of tablets and other mobile devices that, if not managed, can also be vulnerable entry points for attackers. Mobile security allows businesses to secure employee and associate devices, whether they're at their desks, in the field or nearly anywhere in between.

Just as the attack surface widens as smart grid systems grow and inevitably become more integrated, more and more mitigation strategies are available. Keeping track can be a challenge in itself. However, cyber risk monitoring systems can provide an easy 360-degree view of the overall security landscape, make regular risk assessments and benchmark specific security information. The technology will provide regular updates in clear language, making it easier to manage and understand. This can help businesses identify security gaps and ultimately develop a focused action plan so money can be spent where it's needed most.