Cybersecurity: Hardening the grid

How can we make our energy grids safer? It’s a valid question and a crucial one, given the growing importance of transmission and distribution networks in bringing electric power, including solar or wind energy, from the point of generation to load centers. Digitalization is transforming the entire industry, changing business models as well as processes and introducing new cybersecurity challenges. The role of electricity is constantly increasing with the introduction of new technologies such as pure electromobility, or the resurgence of established ones such as heat pumps for heating and cooling in buildings.

Such connected, increasingly sensor-equipped infrastructures may have vulnerabilities that can be exploited; however, I am encouraged to find growing worldwide awareness of the importance of cybersecurity, especially in my discussions with grid operators. They know that grids, and everything connected to them, form the backbone of modern societies and are therefore attractive targets for hackers.

Already today, owners of critical infrastructure must deal routinely with ransomware attacks, where malicious software is deployed to disable or hijack assets until the owners pay the attacker. There are multiple possible attack vectors. Some adversaries may take a rather broad approach, or deploy social engineering techniques, while others may use highly specific tactics tailored to the asset in question.

One aspect of protecting assets against such actors is the “defense in depth” concept. It aims at preventing intruders from compromising the system in the first place, but also establishes a network of zones and tiered lines of defense that prevent malicious actors from moving within the network. Such a holistic approach should take into account the people working in an organization, making them aware of the importance of cybersecurity and their own contribution to preventing attacks; it should include all processes to ensure the integrity of systems and data; and it must result in products that are hardened against malicious attacks. 

In meetings with customers, I am often asked how our own company handles these issues. In a world where data is increasingly the basis of new business models, they are understandably concerned about system integrity. Of course, we design our own broad portfolio of grid solutions to withstand attacks. And we are constantly on guard and looking for new risks and ways to counter them. 

For example, we take part in international cybersecurity platforms for information sharing on cybersecurity. This helps us keep up to date on emerging threats. It also allows us to contribute our decades of experience and vast cross-domain expertise and help shape the protection standards that are applied industry-wide, including by our customers.

Another example of international cooperation is Locked Shields, the world’s largest and most advanced international live-fire network defense exercise, organized annually by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia. Here, Blue Team operators defend their networks against the Red Team’s intruders under real-world conditions. It is the largest drill of its kind worldwide, involving 25 teams – essentially, the World Cup of cybersecurity!

As a CCDCOE cooperation partner, Siemens has not only made its own network technology available as a target, but also contributed grid attack scenarios for exercise design. Moreover, some of our own experts have participated on the attacking side, observing the Red Team’s techniques and noting any vulnerabilities that might be exploited under realistic conditions. One of the main insights gained from these events is that monitoring is crucial – defenders must know which assets are still operational and which have been compromised. Afflicted systems must be identified as quickly as possible in order to head off potential attacks at the earliest stage.

Ultimately, all these efforts are intended to build tougher infrastructures – to harden our own products and services, but also to help our customers deploy in-depth defenses, for instance by developing information security management systems or creating specific protection packages for substations or control centers. We must and will not shy away from the ongoing battle to gain a technical edge and discover the capabilities of malicious adversaries. 

2018-04-25

Michael Weinhold, CTO, Siemens Energy Management Division

Picture credits: Michael Weinhold, Siemens AG