Grid 1 – hackers 0

Cyber security in energy supply

Safety is about more than working at heights or dealing with high voltages: it’s also about the security of all data generated by the high-voltage grid. Ruud Palings is from Sprecher Automation, a supplier of station automation and security solutions to the energy market. He tells us about hackers’ techniques and how Sprecher prevents malicious third parties from gaining access to systems and the high-voltage grid.

Why data needs to be secured

‘Security is needed at all points in our network that process data. Take the smart meter in your home. Your supplier reads out your consumption and transmits it over a data connection. You’ll want this data to be sent to the right place, and without the risk of it being read out by other parties along the way and used for other purposes. This works exactly the same way on a large scale as well. As soon as you allow systems to communicate with the outside world, you must set up the systems in a way that ensures this communication is made securely. The products used in these systems must, of course, support this.

At this moment in time, more and more data is being retrieved from our high-voltage grid. This requires intelligent systems, ones that transport data and store it in a central location through a communication link. Although our high-voltage transmission stations had needed this for some time, now you can see how more and more data is being retrieved from our electricity networks. So, medium-voltage substations and medium or low-voltage areas are increasingly being equipped with automation and protection systems.’

Why hackers want to hack

‘There are recent examples from abroad of hackers breaking into power plant control systems. One is from the Ukraine, where cybercriminals deliberately harmed the systems and energy supply. Cyber security uses what’s known as a threat landscape, which links the threats to the target, essentially explaining why hackers do what they do. For example, there are cybercriminals who hack for financial gain. Some hackers pursue their activities for a higher cause, while others hack for fun and for fame. Finally, there are terrorist organizations whose hacking activities are driven by ideology or politics and who often use violent motives.’

Human beings are still in the weakest link

‘Recent attacks on large systems show that human beings are still the weakest link in the chain. This could be someone opening an e-mail and downloading that one attachment, or someone logging on to the company network and using an infected USB stick. It’s almost always people who inadvertently opens “doors,” allowing a cybercriminal to gain access to the systems.’

How Sprecher Automation supports cybersecurity

‘The solution? The solution is to always use a well-planned security system. That’s why products are constructed in layers according to the “defence in depth” principle. This prevents a hacker from gaining full access to the system as soon as the first “door” is opened. We provide products and services that reinforce energy companies’ cybersecurity policies. Examples include configurable firewalls, encryption capabilities or data encryption, and role-based access that are implemented in our products. This creates a system in which data is made available to the outside world securely, meaning it’s only sent by and to the sending and receiving party. Only the sender and recipient are able to understand the messages.

The ultimate goal of these technologies is to prevent cybercriminals and hackers from accessing and manipulating critical data, so as to prevent damage to vital infrastructures.’