The energy sector is transforming, introducing smart connected solutions for energy generation, storage and distribution. A digital ecosystem, enabled by the IoT, equips energy companies to monitor and manage connected infrastructure comprising solar and wind farms, smart meters, battery storage, a smart grid and more. However, like all industries, IoT security is important as energy faces cyberthreats to data, devices and networks. It must defend against, detect and react to cyber incidents to protect its installations.
Critical infrastructure under attack
Cyberattacks can wreak havoc on their targets and potentially disrupt or threaten the smooth running of services. The energy sector is a target because it manages critical national infrastructure that exchanges high value data. This has a potential worth to would-be hackers making the UK’s energy sector the second most targeted industry – in 2023 it attracted 30% of attacks. In Europe overall, it was an even gloomier picture as 43% of incidents were within the energy sector.
Taking cyberattacks as a whole, ransomware (including distributed denial of service – DDoS) is a significant threat. It follows therefore that IoT devices involved in DDoS attacks increased fivefold in the space of a year to a staggering ~1 million insecure devices (bots) engaged in these activities.
Securing cellular IoT
Cellular IoT provides ideal connectivity for the devices and solutions of smart energy systems, but it must do so securely to mitigate the risk of attacks on infrastructure. All connected devices have an attack surface so comprehensive measures must be taken to protect them. Any weaknesses could leave energy infrastructure open to risk, and these weaknesses could just as easily be procedural as technical. After all, cybercriminals frequently target people in organisations through phishing emails and other means.
As we’ve seen, the risks are stark. IoT connectivity providers, and the device manufacturers, solutions providers and energy companies they support, must prioritise cybersecurity. That means device identity authentication; secure connectivity to grid infrastructure, IT systems and cloud destinations; and robust processes and procedures that incorporate cybersecurity training and due diligence with suppliers.
Defend
Robust IoT cybersecurity strategies defend, detect and react. They should incorporate technology and process practices as well as security policies for staff and third parties.
Defence is largely about managing the identity of devices to prevent unauthorised access, as well as secure communication, resilience against outages, software refreshes and compliance. As companies build their defence measures, they should utilise IoT SAFE for their devices. This interoperable SIM standard is designed to uniquely identify devices for mutual authentication between devices and applications.
Detect
Detection comes after defence in an IoT security framework. This promotes the use of device, network and application-level monitoring to provide early warnings of attempted and successful cyberattacks. Companies must be able to detect anything anomalous that could indicate a breach or attempted breach, no matter how comprehensive defence methods are. To do that, they must first understand what ‘normal’ looks like for their devices and network traffic and have methods in place to monitor them. For this, they can draw on anomaly detection tools that can spot anomalous activity that could indicate trouble.
These detection engines can be device-agnostic and work with artificial intelligence programs to automate data feed analysis and score potential threats. Any required action can also be automated, or not, according to pre-set business rules.
React
Reaction is, of course, what happens next once an issue has been identified. It can include threat isolation, possibly quarantining and cleaning affected devices. The important point about reaction methods is that they are made possible by preparation. When companies rehearse their reactions – and make doing this a regular habit – they equip themselves to take swift action in the event of a real incident, and that can be the difference between a bad situation and a catastrophic one.
There are tools and techniques to also help companies rehearse. They include ‘digital twin’ virtual representations that can be used to model potential threats and practice crisis management. There are also organisations that can organise workshops to work with companies on scenario handling.
The energy sector faces very real cyberthreats to its IoT connected infrastructure in new energy networks. Companies must equip themselves with a robust security strategy that mitigates risk at every turn, inside and outside the organisation. A 360-degree approach to security that defends against, detects and reacts to cyber incidents is a comprehensive way to secure devices, networks and data under threat. To find out more, take a look at IoT security solutions or contact us.
