Critical infrastructure like national power grids are increasingly becoming a target of hackers and attacks. Several hacks reported around the globe in recent years have drawn attention to the vulnerability of national power supply systems and brought into question the safety of these and other infrastructural services.
“ ‘Cyber attacks’, with widespread infrastructural failures as their goal, have the potential to take down a country’s power grid. This has made cyber security a priority for global corporates and often their first step to achieving this is by future-proofing their operations,” says Taru Madangombe, Schneider Electric Energy VP for Southern Africa.
“In order to future-proof, utilities need to view cyber security as a pressing need rather than an afterthought.”
He notes that hackers tend to focus on attacking critical infrastructure industrial processes, rather than physical assets.
Many plants are convinced that their networks are isolated and consequently secure, but without ongoing audits and intrusion detection that sense of security could be a delusion.
“The growing demand for open information sharing between business and production networks increases the need to secure transactions and data. For power generating companies, where the consequences of an attack could have widespread impact, the need for cyber security is even more pressing,” says Madangombe.
The open and interoperable nature of today’s industrial automation systems – many of which use the same computing and networking technologies as general-purpose IT systems – requires engineers to pay close attention to network and cyber security issues.
“It’s also important to remember that threats can come from many sources, external or internal, ranging from terrorists, disgruntled employees, to environmental groups and common criminals. The technical knowledge, skills and tools required for penetrating IT and plant systems are becoming more widely available. As the incidence of threats increases, the level of sophistication necessary to implement an attack is decreasing, making it easier for intruders.”
Power engineers play a critical role in hardening power operations against intruders, but collaboration and the support of both corporate management and the IT department are essential.
A recent companywide vulnerability audit of a large U.S. utility revealed some areas of technical vulnerability in the control system. However, most of the findings had to do with organisational problems, such as lack of plant-wide awareness of cyber security issues in general, inconsistent administration of systems, lack of a cyber security incident response plan and poor physical access to some critical assets.
“Corporate management first has to acknowledge the need for secure operations and because few companies have the resources to harden all processes against all possible threats, management should guide the development of a security policy that will set organisational security priorities and goals. In having all departments working together, project engineers need to understand the security risks and possible mitigation strategies, while IT, which brings much of the security expertise, must understand the need for real‑time availability to keep units online,” says Madangombe.
“Management also needs to recognise that investment in prevention will have a far greater payback than investment in detection and removal. Although investment in the latter areas may be necessary to ward off immediate threats, focusing on activities that prevent attacks in the first place will reduce the need for future detection and removal expenditure.”
Schneider Electric’s cyber security solutions protect the most critical of operations across diverse businesses and industry sectors. “We understand and apply cyber security solutions from the client’s operational perspective while integrating appropriate IT policies and requirements. This allows the client to protect their business while embracing new technologies that enable the business to grow and deliver to their customers,” concludes Madangombe.
For more information contact Schneider Electric on +27 (0) 11 254 6400.