Digital Star Top Job Logo

Cybersecurity: risks and countermeasures for power utilities

Cybersecurity: risks and countermeasures for power utilities
10 . Jul . 2020

Smart grid companies in the United States continue to invest in cybersecurity technology, a market that has an estimated value of US$ 1.8 billion. In fact, the digitalization of the energy sector has underlined the need to enhance cybersecurity for power grids. In this respect, Andrew Ginter (VP of Industrial Security with Waterfall Security) and Ron Chebra (VP of Grid Modernization, EnerNex) have assessed the main risks and subsequent countermeasures during the podcast “Utility Cybersecurity”, organized by EnerNex, a CESI company leader in providing engineering, consulting, and research services to the electric power industry worldwide.

As a particularly critical infrastructure, it is essential to be able to protect and guarantee the full operation and resilience of power grids. Following the digitalization of the electricity sector, industrial control systems (ICS), such as SCADA Systems that manage the grid, can become targets of cyber-attacks, which can create not only inconveniences but also impact commerce, well-being and safety. Therefore, protecting grid systems from vulnerabilities and mitigating the risks should be at the forefront of every utility today. The traditional methods of protecting IT assets are, however, not by themselves adequate protection for critical OT assets.

During the podcast, it has thus been noted that:

  • Compliance to North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards is not enough
  • Public C2M2 model can be used for facilitated or self-assessment of cybersecurity capabilities
  • OT/IT technology convergence requires understanding the very different cyber challenges faced by IT versus OT systems
  • Effective cyber processes and solutions:
  • Determine the risk profile and vectors
  • Establish a rigorous process around managing assets, communications and services
  • Establish a cybersecurity framework that addresses all aspects of the environment

Listen to the recorded podcast here: “Utility Cybersecurity”

Related contents