Key issues in cyber security for utilities

Utility companies across the world are in the midst of their digital transformation process. Predictive and condition-based maintenance, an increase in efficiency and line/pipe loss reductions are often based on IIoT solutions and IT/OT integrations, while other improvements rely on artificial intelligence, big data analytics and customer experience improvements. All of this introduces new cyber security risks. To make matters worse, the number of cyber attacks in the utility sector, and especially in electric power supply, has risen dramatically since mid-2018, without an end in sight.

The two key issues in cyber security in the area of utilities are:

  • Vulnerability of smart cyber assets, i.e. smart devices (IIoT or OT), which are used to optimize energy/water flows and identify and locate problems. Due to their potential vulnerability, these devices need additional security measures to be operated safely.
  • Loss of control (OT), since at least parts of the OT in utilities tend to be rather outdated and cyber security has so far not played a role. With the need to integrate IT and OT, completely new attack possibilities arise (incl. the complete shutdown of power or water supply in larger regions or even countries) and need to be addressed if digitalization is not to become a gateway for hackers and other villains.

Utilities are subject to a certain degree of regulation; in most regions, they are declared to be critical infrastructures, as a potential failure would not only affect the company as such but basically all businesses and private households of a region. Besides, it could trigger a domino effect and result in the shutdown of e.g. the entire electricity supply for a whole region or country.

To read the entire InBrief Analysis, please click here.