Cybersecurity | Smart Energy International
https://www.smart-energy.com/industry-sectors/cybersecurity/
News & insights for smart metering, smart energy & grid professionals in the electricity, water & gas industries.

Future priorities for AI in an evolving digital energy cyber security regulatory framework
https://www.smart-energy.com/industry-sectors/cybersecurity/future-priorities-for-ai-in-an-evolving-digital-energy-cyber-security-regulatory-framework/
Tue, 19 Mar 2024 09:49:45 +0000

Recent fast-paced IoT hyperconnectivity growth and dynamic AI evolution are impacting all industries. For the energy sector, digital transformations have been particularly seismic due to its outdated infrastructure, explains Hebberly Ahatlan.

Grid modernisation and data security are focal points as Artificial Intelligence (AI) revolutionises infrastructure performance and business insights.

The Executive Order from the White House on the “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence” signifies a crucial step towards establishing trust and security guidelines for rapidly advancing AI technologies.

This initiative is particularly vital for the digital energy sector, where AI plays a central role in critical infrastructure projects such as Virtual Power Plants (VPPs) and Energy as a Service (EaaS).

Looking ahead, the future priorities for AI in this industry revolve around ensuring productivity, authenticity and security.

AI’s role in digital energy productivity

Beyond content generation, AI serves as the driving force behind automating decision-making processes in the digital energy sector, notably in projects like Virtual Power Plants and Energy as a Service.

VPPs leverage AI to optimise energy generation and distribution, ensuring a balanced supply and demand. EaaS, powered by AI, provides consumers with flexible, adaptive energy services. These innovations have the potential to transform energy production and consumption, making it more sustainable, efficient, and cost-effective.

Ensuring data provenance and authenticity

Critical to AI’s success in the digital energy industry is the assurance of data provenance, authenticity and transparency.

The Executive Order aligns with the establishment of a universal data, IoT and AI trusted interoperability standard. This framework sets clear provisions for governing and tracking content and decisions made by dispersed AI platforms.

Key aspects include:

  • Training AI Algorithms: AI algorithms rely on authentic and unbiased data for training, directly impacting their effectiveness in optimising energy processes. A layered trust stack ensures the security of data provenance and device authenticity.
  • AI-Driven Decision-Making: Authentic, authoritative, and policy-compliant data is essential for AI-driven decision-making in critical infrastructure projects. An interoperable standard must be future-proofed to handle evolving cyber threats, including quantum computing.
  • Verification and Authentication: The order emphasizes verifying AI compliance with policy criteria, requiring authentication of verifier credentials. A universal secure interoperability standard necessitates a stack of verification algorithms adaptable to diverse layers.

Transparency in AI-generated content

In the digital energy sector, AI-generated content influences people’s actions, demanding transparency to build trust and ensure responsible AI use. Transparency provisions are effective when assuring entity authenticity and authorisation across diverse technologies and statuses.

An authoritative and authenticated web is being designed to address:

  • Provenance of Data and Content: Tracing and recording the origins of data and content are crucial for reliability in energy information. In a VPP, a well-managed software platform is essential for administering all aspects, from monetisation to compliance reporting.
  • Credential Authentication: Verifying data providers’ credentials and sensor properties ensures the legitimacy and trustworthiness of data sources, crucial in systems like Energy as a Service.
  • Interoperability for Assurances: Interoperability is crucial for applying assurances effectively in distributed systems. TEIA, the Trusted Energy Interoperability Alliance, founded by Intertrust, answers the call for AI regulation, integrating security and interoperability within a flexible standard.

Policy and data in trustworthy AI operation

The executive order stresses the need for using both policy and data to manage trustworthy AI operations. With AI influencing decision-making in various automated systems, recognising its roles is crucial.

Trust management and adaptable policy frameworks are necessary for:

  • Reasoning About AI: Transparency, trust management and agile policy frameworks are vital for reasoning about the provenance and authenticity of AI inputs and outputs.
  • Security Infrastructure: An efficient security infrastructure must ascertain data and AI provenance, providing tools for authentication by both people and automated applications.
  • Real-Time Responsiveness: Security infrastructure and policy frameworks must be self-adaptable to meet the real-time requirements of decision-making in the digital energy industry.
  • Resilience to Attack: Interoperable security measures across IoT and data processing fabrics ensure resilience against malicious attempts, safeguarding energy infrastructure.
  • Integration with the Web: Seamless integration ensures broader, comprehensive security, crucial in the digital energy sector where VPPs and EaaS rely entirely on digital platforms.

The Executive Order on AI development and use is a significant milestone for the digital energy industry, emphasizing the importance of AI in optimising energy processes.

Intertrust’s TEIA aligns with the order, ensuring AI-driven decisions comply with accurate data and policy criteria. Industry stakeholders should actively engage with the proposed mechanisms and TEIA solutions, contributing to a secure and dynamically adaptable digital energy future. This collaborative approach will foster efficiency, reliability, and sustainability in the evolving landscape of AI in the energy sector.

About the Author


Hebberly Ahatlan is product marketing director, energy at Intertrust Technologies and has 15 years of experience in the tech industry developing go-to-market strategies.

Tech talk | The EU’s new cybersecurity network code unpacked
https://www.smart-energy.com/industry-sectors/cybersecurity/the-eus-new-cybersecurity-network-code-unpacked/
Tue, 19 Mar 2024 09:33:06 +0000

The EU’s new network code on cybersecurity for the electricity sector is aimed at improving the cyber resilience of this critical energy infrastructure and services.

The large-scale digitalisation of the energy system, key for the delivery of a fit-for-purpose grid for net zero, is bringing with it new demands for cybersecurity, which must cover the whole value chain, from production and transmission to distribution and the consumer, including all the digital interfaces along this path.

As the number of connected resources grows – and it is growing rapidly with the fast-increasing uptake of distributed energy resources – so too do the number of interfaces and the number of involved parties. And with that come the challenges of achieving a cyber-secure system.

The EU’s new network code on cybersecurity, one of the 25 key deliverables of the energy system digitalisation action plan, is focussed primarily on the cross-border electricity flows that form a central component of the single market and was widely consulted in development.

In its 60+ pages, it covers a breadth of topics, prefaced with a ‘General’ section covering such issues as the need for national competent authorities to carry out the tasks assigned in the regulation, cooperation between parties at national level, the important cooperation between ENTSO-E and the DSO Entity, which is at the heart of its implementation, and cooperation with ACER.

A key foundation for the network code is the establishment of a recurrent – every three years – process of cybersecurity risk assessments in the electricity sector at national and regional levels, aimed at systematically identifying the entities that perform digitalised processes with a critical or high impact in cross-border electricity flows and their cybersecurity risks, and then the necessary mitigating measures that are needed.

For that, the network code establishes a governance model that is aligned with existing mechanisms in EU legislation, such as the revised Network and Information Security Directive, with ENTSO-E and the DSO Entity required to propose the risk assessment methodologies.

‘High impact’ and ‘critical impact’

This notion of ‘high impact’ and ‘critical impact’ is fundamental and depends on the degree of impact of possible cyber attacks on an entity’s processes or operations, with the entities concerned being primarily those that have a direct impact on cross-border flows of electricity in the EU.

A second key component is the establishment of a common electricity cybersecurity framework with minimum and advanced controls respectively for ‘high impact’ and ‘critical impact’ entities.

Cybersecurity procurement and the broader supply chain are another key area, with recent cyber-attacks showing that entities are increasingly becoming the target of supply chain attacks.

The TSOs are required to develop non-binding procurement recommendations for ICT products, services and processes – again differentiating whether the entity is deemed of high or critical impact.

Information flows and crisis management in the wake of a cyber attack also are crucial and the network code establishes rules around reporting and information sharing.

Finally, the regulation sets out rules for the undertaking every three years by critical impact entities – and on their request also critical service providers – of a cybersecurity exercise including one or more scenarios with cyber attacks affecting cross-border electricity flows directly or indirectly and related to the risks identified during the cybersecurity risk assessments.

The template for this is to be developed by ENTSO-E and the DSO Entity, with the involvement of ACER and ENISA.

Under the EU rules of procedure, the delegated act is subject to scrutiny by the EU co-legislators, i.e. the European Parliament and Council, each for 2 months with a possible 2-month extension.

Jonathan Spencer Jones

Specialist writer
Smart Energy International


European Commission adopts EU network code on energy cybersecurity
https://www.smart-energy.com/industry-sectors/cybersecurity/european-commission-adopts-eu-network-code-on-energy-cybersecurity/
Wed, 13 Mar 2024 08:52:00 +0000

The European Commission has adopted the first-ever EU network code on cybersecurity for the electricity sector.

According to the Commission in a release, the network code will be an important step to improve the cyber resilience of critical EU energy infrastructure and services.

The delegated act follows a consultation process with relevant stakeholders, including contributions from ENTSO-E, EU DSO Entity and ACER, as well as a four-week period for public feedback at the end of 2023.

It will support a high, common level of cybersecurity for cross-border electricity flows in Europe.

EU network code for cybersecurity

The EU network code aims to establish a recurrent process of cybersecurity risk assessments in the electricity sector.

These assessments are aimed at systematically identifying entities that perform digitalised processes with a critical or high impact in cross-border electricity flows, their cybersecurity risks and then the necessary mitigating measures that are needed.

To do so, the network code establishes a governance model that uses and is aligned with existing mechanisms established in horizontal EU legislation, notably the revised Network and Information Security Directive (NIS2).

This is the case, for example, for the reporting of cyberattacks and vulnerabilities using the established Computer Security Incident Response Teams (CSIRTs), or coordination with the CyCLONe network in case of large-scale cybersecurity incidents and crises.

The new rules will promote a common baseline while respecting existing practices and investments as much as possible, states the Commission.

It is hoped that the model will be able to develop, follow and regularly review the methodologies of different stakeholders, considering the current mandates of different bodies in both the cybersecurity and electricity regulatory systems.

Although there is already a comprehensive overall legal framework for cybersecurity, the energy sector presents areas in need of renewed attention, including:

  • Real-time requirements

Energy systems need to react so quickly that standard security measures, such as authentication of a command or verification of a digital signature, cannot simply be applied, due to the delay these measures impose.

  • Cascading effects

Electricity grids and gas pipelines, states the Commission, are strongly interconnected across Europe and beyond the EU. An outage in one country might trigger blackouts or shortages of supply in other areas and countries.

  • Combined legacy systems with new technologies

Many elements of the energy system were designed and built before cybersecurity considerations came into play. This legacy now needs to interact with the most recent state-of-the-art equipment for automation and control, such as smart meters or connected appliances and IoT-connected devices, without being exposed to cyber-threats.

Foreseen under the Electricity Regulation (EU) 2019/943 (Article 59) and in the 2022 EU Action Plan to digitalise the energy system, the delegated act is now subject to scrutiny by the EU co-legislators.

With the announcement from the Commission, the dossier now passes to the Council and European Parliament to scrutinise the text over a period of up to four months for objection.

The rules will enter into force once this period is over.

Extreme weather preparedness a top concern for US utilities, Wi-SUN finds
https://www.smart-energy.com/industry-sectors/energy-grid-management/extreme-weather-preparedness-a-top-concern-for-us-utilities-wi-sun-finds/
Fri, 01 Mar 2024 05:37:58 +0000

New research from the Wi-SUN Alliance finds that advanced weather prediction tops the list of initiatives that US utilities are undertaking to ensure better network resilience.

Other top initiatives are renewable energy integration, grid modernisation and microgrids and disaster response and recovery plans.

Furthermore, the utilities are adopting new approaches to improve outage recovery times through advanced networking, with predictive maintenance analytics topping the list, followed by smart grid technologies and enhanced communications, as well as the use of drones and robotics to inspect assets.

Phil Beecher, President and CEO of the Wi-SUN Alliance, comments that extreme weather events are fast evolving from a rare occurrence to something that should be built into the risk profile of any utility company.

“The emergence of smart grids, microgrids and other technologies, like predictive maintenance and fault finding, offers a way of controlling costs while increasing resilience and stability to help mitigate the impact of outages.”

But, he adds, “technologies like this are only as good as the underlying communications network to provide reliable and secure delivery of the data needed to deliver a truly smart grid.”

The research was conducted among more than 250 senior professionals in the US utilities and power sectors and highlights the role of new tools and technologies to help improve resilience and outage recovery times as weather events and environmental disasters become commonplace.

According to US Department of Energy data cited by the Wi-SUN Alliance, extreme weather conditions – from heatwaves to Arctic vortexes – have doubled power outages in the US over the past 20 years.

The research also found that utilities recognise opportunities to integrate artificial intelligence technologies to address resilience, with viable use cases including energy consumption forecasting, automated fault detection and grid optimisation.

Looking ahead to the next five years, building infrastructure resilience remains among the top issues, with others including security enhancement, customer-centric services, renewable energy integration and IoT integration and data analytics.

The study was conducted for the Wi-SUN Alliance by Censuswide in February 2024.

GE Vernova partners with Dragos for cybersecurity solutions
https://www.smart-energy.com/industry-sectors/cybersecurity/ge-vernova-partners-with-dragos-for-cybersecurity-solutions/
Tue, 27 Feb 2024 13:25:22 +0000

GE Vernova’s Grid Solutions business and Dragos announced a technology partnership to offer holistic cybersecurity solutions by combining their respective experience in grid automation and operational technology (OT) cybersecurity.

Through this partnership, GE Vernova’s Grid Solutions business will provide its global grid automation customers with Dragos’ cybersecurity solutions such as the Dragos Platform, Dragos Worldview threat intelligence, and incident response services, aiming to provide a holistic approach to safeguarding their critical infrastructure and other OT environments.

This initiative is meant to provide comprehensive OT cybersecurity solutions developed from both companies’ experience in the field. As part of this agreement, both companies will collaborate on product and technology integrations to offer more advanced functionalities, including:

Comprehensive asset visibility: The Dragos Platform, combined with GE Vernova’s grid automation technology, will offer visibility into OT assets within various industrial energy environments. The companies say this will enable organizations to strengthen their OT environment against future cyber-attacks by being able to inventory and monitor assets, track vulnerabilities, and use network monitoring to investigate issues and incidents.

Proactive threat detection: Dragos’ OT threat intelligence, combined with its real-time monitoring system, will provide threat detection and monitoring capabilities to help GE Vernova’s customers identify and mitigate potential risks before they impact operations within critical infrastructure.

Rapid incident response: By combining Dragos’ incident response experience with cybersecurity offerings, the companies say critical infrastructure providers will be able to respond swiftly and effectively to minimize downtime and maintain operational continuity.

Global threat intelligence: Leveraging Dragos Threat Intelligence, GE Vernova will be able to offer its customers visibility into adversary threats, malware, and vulnerabilities impacting industrial sectors.

“We’re dedicated to providing cybersecurity products, solutions, and services that help our customers protect their digital substations and other OT environments from cyber threats,” said Claudia Cosoreanu, Grid Automation Chief Technology Officer at GE Vernova’s Grid Solutions Business. 

“Our partnership with Dragos combines decades of industry-leading expertise in industrial cybersecurity and grid solutions, empowering our customers to defend against cyber threats and strengthen their cybersecurity posture.”

Originally published on power-grid.com

Microsoft power and utilities eBook: Orchestrating the Grid
https://www.smart-energy.com/smart-grid/microsoft-power-and-utilities-ebook-orchestrating-the-grid/
Mon, 26 Feb 2024 07:44:27 +0000

A new eBook published by Microsoft, Orchestrating the Grid: Tackling Utilities’ Largest Opportunities and Challenges, explores how modern technologies and strategies shape the future of power distribution.

Providing a comprehensive understanding of grid orchestration, its challenges, and the transformative potential it holds, this eBook focuses on:

  1. Grid Orchestration: The art of harmonising diverse energy sources, demand patterns, and grid infrastructure.
    • Explore the role of artificial intelligence, machine learning, and predictive analytics in optimising grid operations.
  2. Decentralisation: The shift toward decentralised energy production.
    • Decentralised grids empower local communities, enhance resilience, and reduce reliance on centralised power plants.
  3. Smart Grids: Smart grid technologies, including advanced sensors, real-time data analytics, and demand-side management.
    • Smart grids enable efficient load balancing, fault detection, and self-healing capabilities.
  4. Cybersecurity Challenges: Grid orchestration faces cybersecurity threats due to increased connectivity.
    • The importance of robust security measures to safeguard critical infrastructure.
  5. Renewable Integration: Integrating renewable energy sources seamlessly into the grid.
    • Addressing challenges related to intermittency, storage, and grid stability.
  6. Policy and Regulation: Policy frameworks and regulatory aspects influencing grid orchestration.
    • Balancing innovation with compliance is crucial for a sustainable energy future.

The “Orchestrating the Grid” eBook serves as a roadmap for energy professionals, policymakers, and researchers. By embracing grid orchestration, together we can create a resilient, efficient, and sustainable energy future.

US developing uniform guidance on distribution cybersecurity
https://www.smart-energy.com/industry-sectors/cybersecurity/us-developing-uniform-guidance-on-distribution-cybersecurity/
Sun, 25 Feb 2024 08:24:00 +0000

In the US, cybersecurity baselines have been developed to support state-level regulatory oversight of electric distribution systems and the distributed energy resources (DERs) that connect to them.

North America’s National Association of Regulatory Utility Commissioners (NARUC) partnered with the US Department of Energy’s Office of Cybersecurity, Energy Security and Emergency Response (CESER) to develop a set of cybersecurity baselines.

Coupled with forthcoming implementation guidance, the baselines are intended as resources for state public utility commissions, utilities and DER operators and aggregators, encouraging alignment across US states on energy cybersecurity.

Regulatory oversight of electric distribution systems and DERs occurs at the state level in the US. The guidance developed by NARUC through CESER’s funding will help provide states with uniform cybersecurity baselines instead of a patchwork of cybersecurity requirements across the country.

Further, the baselines will enable electric companies and DER providers to work with state utility commissions and energy offices, boards and communities to prioritise cybersecurity investments across the US.

The guidelines, to be developed in 2024, will include recommendations for assessing cybersecurity risks and prioritising assets the baselines might apply to.

“Safeguarding America’s energy infrastructure and advancing US cybersecurity capabilities is critical to achieving President Biden’s ambitious climate goals,” said US Deputy Secretary of Energy David M. Turk in a DOE-issued release.

“Today’s announcement underscores the Biden-Harris Administration’s commitment to working with key partners, like NARUC, to develop vital cybersecurity solutions and strengthen the resilience of America’s electric systems.”

The growing cyber threat

The baselines represent the growing urgency of cybersecurity across sectors in the US.

In its statement on the baselines, the DOE says that cyber threats have become increasingly sophisticated and target critical energy infrastructure more frequently than ever before.

Earlier in February, the US Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and Federal Bureau of Investigation (FBI) released a cybersecurity advisory on the threat posed specifically by cyber actors sponsored by the People’s Republic of China.

The advisory assessed that these Chinese state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against US critical infrastructure, including energy, in the event of a major crisis or conflict with the United States.

The assessment was based on observations from incidents at critical infrastructure organisations compromised by the cyber group known as Volt Typhoon, warning infrastructure organisations, such as the DOE, of the threat.

According to the advisory, agencies observed indications of Volt Typhoon actors maintaining access and footholds within some victim IT environments for at least five years, conducting pre-exploitation reconnaissance to learn about the target organisation.

According to NARUC, the initiative recognises that cybersecurity is an integral underpinning of power system resilience and builds on work that states have undertaken over the last decade to mitigate risk across their critical infrastructures.

The cyber baselines are based on DOE’s work on energy sector cybersecurity and the US Department of Homeland Security’s Cybersecurity Performance Goals (CPG).

NARUC convened a steering group of industry and government subject matter experts, including electricity sector owners and operators, state regulatory agencies, cybersecurity experts and others to inform the baselines.

Power professionals optimistic about the impact of AI – survey
https://www.smart-energy.com/industry-sectors/data-analytics/power-professionals-optimistic-about-the-impact-of-ai-survey/
Mon, 19 Feb 2024 09:16:33 +0000

According to the latest Global Energy Talent Index (GETI), 86% of power professionals are optimistic about the future impact of AI on the power sector.

According to the report from Airswift, which surveyed 12,000 energy professionals across oil and gas, renewables, power, nuclear and petrochemicals, 30% of power professionals already use AI – slightly ahead of the energy industry average of 27%.

A further 12%, states the report, are expecting to adopt AI within six months. Among the 86% who are positive about its impact, many are anticipating an uplift in their productivity (78%), improved career progression opportunities (64%) and spending more time with family and friends (59%).

Nearly all respondents to the GETI 2024 report say AI will increase demand for skills, with two-thirds (64%) of power professionals expecting AI to increase pressure on them to acquire new skills. Technical skills such as programming, software engineering, data science and machine learning are where power professionals perceive the greatest demand.

When exploring the relationship between potential skills development opportunities and expected future demand, initial findings highlight cybersecurity as an area the industry may need to proactively develop to shore up skills. Notably, cybersecurity is considered a key risk to greater AI use, alongside a reduction in the human touch, and a lack of training leading to misuse or poor adoption.

The report also found that the need for soft skills like critical thinking, problem-solving and creative thinking is expected to increase, highlighting the unique human capabilities that complement AI technologies.

Janette Marx, CEO of Airswift, said in a release: “Power professionals are not only receptive to the evolving technological landscape, but also are keen on upskilling in areas like AI, machine learning, programming and IT. This presents a significant opportunity for hiring managers to attract and retain talent by fostering an environment of continual learning and skills development.”

Salaries and global mobility

Despite experiencing steady salary growth, with 54% of power professionals reporting an income increase, surpassing pre-pandemic levels, the workforce remains dynamic in seeking career advancement opportunities.

A staggering 91% of professionals are open to changing roles within or even outside the energy sector. Renewables remains the alternative sector of choice (54%), followed by oil and gas (36%). Beyond energy, 35% would move to the technology sector with manufacturing becoming steadily more attractive, rising 7 percentage points since 2022.

These findings come during a unique phase of salary stability, with 77% of professionals expecting a further increase in income, complemented by a similar optimism among hiring managers. This financial stability coexists with a high mobility mindset, with 83% of professionals open to relocation.

Janette Marx, CEO of Airswift, added: “Though most in the sector are open to moving roles, we know they prize career progression, and hiring managers have a great chance to boost retention by giving professionals opportunities to develop the skills identified.”

Energy cybersecurity in 2024: Building accountability and responsibility
https://www.smart-energy.com/industry-sectors/cybersecurity/energy-cybersecurity-in-2024-building-accountability-and-responsibility/
Fri, 16 Feb 2024 08:27:26 +0000

The race between cyber threats and security is fast accelerating. Globally, cyber attacks increased by 38% in 2022, with a 48% increase for utilities. Anjos Nijk, managing director of the European Network for Cyber Security (ENCS), explains what the energy sector should do to tackle this challenge.

With cyber attacks on the rise, organisations need to be doing everything they can to meet the growing challenges these more common cyber threats present. The seemingly obvious fix would of course be to recruit those with the necessary cybersecurity skills to protect against these threats.

However, many companies are also contending with the wider cybersecurity skills gap, making this potential solution to growing cyber risks a dead-end road, particularly for those without the budgets and investment needed to beat the competition in hiring the best talent.

Take the UK for example. According to the government’s latest report, 50% of all UK businesses have a basic cybersecurity skills gap, with cybersecurity leads unable to deliver basic tasks such as setting up firewalls or detecting malware. Meanwhile, 33% of UK businesses are also experiencing an advanced cyber skills gap, in areas such as forensic analysis of breaches or implementation of security architecture. To make things worse, these figures are similar to 2022 and 2021, with over 160,000 cybersecurity job postings in the last year.

So, if recruiting new talent to meet these evolving threats is not a viable option, what is? To start, it’s recognising how the roles and responsibilities for cybersecurity best practice have changed.

Looking beyond the cyber skills gap hurdle

In the past, cybersecurity was a specific job function. Now, it has developed into a problem that can only be dealt with by integrating cybersecurity responsibility into line functions and staff functions across an organisation.

If we apply that thinking to the power sector specifically, it paints a concerning picture. Ten years ago, C-suite level personnel from grid operators would predominantly be engineers, with a thorough understanding of grid technology and operations, and a level of knowledge of potential cyber risks and threats. However, it should also be noted that this was primarily on the operational technology (OT) side, rather than information technology (IT), so the understanding of how the two interacted from a security perspective was still in a relatively immature phase.

Today though, C-suite level employees of grid operators predominantly have consultancy or financial backgrounds, due to the change management and financial challenges for grid operators, imposed by the energy transition.

Whilst this can perhaps be understood from a business perspective in terms of financial prudence, it poses cybersecurity challenges. A widely chosen solution for this problem has until now been to create the chief information security officer (CISO) role and to delegate the cybersecurity responsibility to the CISO. However, this is increasingly becoming insufficient as a standalone solution.

CISOs are usually not board members, meaning they lack board-level budget and decision-making power, which can create barriers to implementing the changes needed across the business to boost its cybersecurity defences.

As such, it is now incumbent upon all employees across the company to do their bit on the front line in the war against cyber. With the cyber threat landscape having evolved so much, including the exponential growth of touchpoints that cyber hackers can exploit in the everyday tech we use in our working lives, this is now more important than ever.

Building out accountability and empowering CISOs

To bring cybersecurity strategies up to date, in the face of an ongoing skills gap and regulatory restraints in the energy market where justifying the return on investment in skills can be challenging, two aspects are now critical.

First, cybersecurity responsibility and accountability must be appointed across organisations with external third-party support where needed. Second, security specialists must be empowered to independently develop and provide input to decision-makers, or even block decisions affecting cybersecurity when necessary, to maximise scrutiny of their cybersecurity decisions to ensure best practice.

Whilst still limited in their impact in Ukraine, cyber skills have developed into weaponry for war, and power grid operators are already being caught in the crossfire. The investments in knowledge and skills development by nation states clearly cannot be matched by grid operators, but grid operators will nonetheless still be exposed to their attacks.

To create the knowledge and skills required to deal with the complexity and scale of these attacks, new collaborative ways of working are needed to build and maintain this knowledge and skills level. Operational teams are responsible for performing risk analysis within their scope of responsibility.

More specifically, responsibilities and decision-making authorities need to be clearly assigned. For each job function, dedicated security knowledge and skills requirements should be identified and addressed in clear and pragmatic training and development programmes.

At the European Cyber Security Network (ENCS), we have identified the need for operational functions, staff functions and management functions, as well as developing a dedicated training portfolio for grid operators, to reflect the holistic approach to meet modern cyber threats. We have also seen demand for this training from other critical infrastructure sectors including gas, water and transport too.

OT cybersecurity specialists, who are key to the knowledge and skills building process, should not necessarily have responsibility for security, but need to be sufficiently empowered.

If cybersecurity specialists in a staff position are assigned responsibility for certain security functions, they still do not have the decision making power or budgets that sit with C-suite level colleagues; they cannot make things happen, incentivise desired behaviour and ultimately create the scale of change required.

As a result, unless they are empowered, we may see many colleagues with all the right intentions getting frustrated and looking for other opportunities, having a knock-on effect on retention of cybersecurity experts in the power sector especially. Instead, we need career paths and incentives, including financial, for OT experts similar to IT security experts.

Maximising expertise, empowering retained talent

There are always ways in which we can be nimble to adapt to growing threats, despite competition for employers to recruit top cybersecurity talent, especially for many European grid operators.

However, beyond the four walls of the grid operators themselves, we must also see regulatory changes and utilities must continue to pressure for change, both individually and through membership groups like ENCS.

At the same time, this doesn’t diminish the importance and urgency of doing everything they can in the meantime to improve existing security through a more collective, collaborative approach and empowering existing talent.

About the Author

Anjos Nijk is managing director of the European Network for Cyber Security (ENCS).

Nijk is also a member of the steering committee of the smart grids task force of the European Commission’s Directorate-General for Energy (DG ENER) and a member of the network and information security platform of the Directorate General for Communications Networks, Content & Technology (DG CNCT).

Hacked data from Germany’s dena has been published on the darknet
https://www.smart-energy.com/industry-sectors/cybersecurity/hacked-data-from-germanys-dena-has-been-published-on-the-darknet/
Tue, 13 Feb 2024 09:05:09 +0000

The German Energy Agency (dena) has announced that hacker group Lockbit has published stolen data from the company on the darknet.

The hack, performed by the recently shut-down hacker group BlackCat, occurred on November 13, 2023, and saw the Agency fall victim to a ransomware attack. Central servers were compromised and partially encrypted.

During the attack, the hackers were able to copy dena files and publish them on the darknet. After this incident became known, dena immediately started an examination of the illegally published data; a test which is ongoing.

Results of the investigation have already revealed that the attack may have affected personal data such as:

  • Contact and communication data
  • Bank details
  • Information about organisational affiliation and function/position in the organisation
  • Customer history information
  • Personnel data, such as:
    • Date of birth
    • Personnel number
    • Date of entry and exit
    • Working time model
    • Date of birth and information on income tax classification such as tax ID, tax class, denomination, child allowance (as of 2013/2014)
    • Information on remuneration and promotion
    • Information on participation in training, etc.
    • Further training offers from dena as well as documents from the application process and employee discussions

The attack

After an examination of the stolen data sets, dena informed those affected by the publication as to which of their data could be affected.

The Agency has stated in a release that they are in close contact with the Federal Ministry for Economic Affairs and Climate Protection (BMWK) and other government agencies, calling in service providers to analyse the incident and set up protective mechanisms.

According to the Agency, at the time of the incident in November, all dena servers were immediately shut down to avert danger. The public was informed about the attack the following day.

Hacker group BlackCat claimed responsibility for the attack, following their pattern of threatening to publish data if ransom demands were not met.

Three weeks after the incident, the group listed dena as a blackmailed company on its website and announced that it would publish data. A short time later, BlackCat’s websites were no longer accessible.

An international investigative group led by US authorities shut down the hacker group at the beginning of December, 2023.

However, hacker group Lockbit then emerged shortly afterwards and announced that it was in possession of the stolen dena data and would publish it.

The ultimatum given initially went without further action.

Founded in 2000, dena has to date launched approximately 1,500 projects worldwide for the energy transition, has 96 projects currently in implementation, employs 550 staff members and assists public and private sector clients with energy transition services.

As a think tank, the Agency studies the challenges of building a climate-neutral society and supports the German government in achieving its energy and climate policy objectives.

Ransomware attack hits Schneider Electric sustainability division
https://www.smart-energy.com/industry-sectors/cybersecurity/ransomware-attack-hits-schneider-electric-sustainability-division/
Mon, 05 Feb 2024 14:54:56 +0000

Schneider Electric has reported a ransomware incident on its Sustainability Business division.

The company said in a statement that the cyberattack impacted division-specific systems, including its Resource Advisor software, which provides energy data monitoring services.

The Resource Advisor platform is used by over 2,000 companies to interpret their energy and sustainability data.

Specifically, Resource Advisor enables customers to centrally manage their ESG, sustainability and energy data, aiming to simplify the process of tracking and interpreting data, reporting and identifying areas of opportunity.

The company stated that its Global Incident Response team was immediately mobilised to respond to the attack, contain the incident and reinforce existing security measures.

According to cybersecurity news website BleepingComputer, Cactus Ransomware has claimed responsibility for the attack.

Launched in March 2023, Cactus ransomware sees threat actors breach corporate networks through purchased credentials, partnerships with malware distributors, phishing attacks or by exploiting vulnerabilities.

Once network access is gained, explains BleepingComputer, they quietly spread to other systems while stealing corporate data on servers.

The incident comes as cybersecurity in the energy sector is increasingly recognised as a key priority in need of higher levels of safeguards.

Both for third party software and service providers as well as utilities, attacks have been on the increase across the sector.

According to International Energy Agency commentary, cyberattack trends pose “an unprecedented threat to critical infrastructure, such as electricity systems.”

The IEA adds that as utilities increasingly use digital tech to better manage infrastructure, risks abound.

Digital systems, telecommunication equipment and sensors throughout the grid increase utilities’ exposure, as each element provides an additional entry point for cybercriminal organisations.

US DOE to fund resilience tech for energy infrastructure
https://www.smart-energy.com/finance-investment/us-doe-to-fund-resilience-tech-for-energy-infrastructure/
Mon, 08 Jan 2024 09:32:20 +0000

The US Department of Energy (DOE) has announced $70 million in funding to support research into resilience technologies to reduce risks to energy infrastructure from a variety of hazards, including cyber and physical threats, natural disasters and climate-change fueled extreme weather events.

The funding opportunity will be available to public and private sector stakeholders, universities and DOE’s National Laboratories and will help advance innovations that strengthen the resilience of energy systems, including the power grid, electric utilities, pipelines and renewable energy generation sources like wind or solar.

“Making smart investments in America’s energy systems today is essential to ensuring they’re more reliable and resilient against tomorrow’s threats, while also reaching President Biden’s ambitious clean energy and climate goals,” said US Secretary of Energy Jennifer M. Granholm.

“As we build our clean energy future, these investments will help save money in the long run by identifying and developing innovative solutions that ensure our nation’s energy infrastructure can withstand emerging threats and the challenges of a changing world.”

Proposed topic areas for projects include:

  • Cyber research and development projects to advance cybersecurity and reduce cyber risks to energy delivery infrastructure.
  • Climate mitigation research and development projects to create and implement innovative solutions that will reduce the impact of climate effects on energy transmission and reliability.
  • Wildfire mitigation research and development projects to harden infrastructure against wildfires, enabling electric utilities to build resilience, operate through extreme events and enhance rapid recovery.
  • University-based research and development projects to improve the cyber and cyber-physical security posture of the electric sector through the integration of university-based research.
  • Physical security research and development. The US DOE cites threats to utility power stations, such as vandalism, sabotage and ballistic damage, as well as how current approaches to prevent these attacks, including video surveillance systems, access control, and physical barriers, are not enough to minimise intrusions and damage.

Awardees will span all types of energy delivery infrastructure and will address a diverse array of potential threats across energy production, generation, transmission and distribution.

Managed by DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), up to 25 research, development and demonstration (RD&D) projects are expected to win funding under this opportunity, ranging from $500,000 to $5 million.

DOE encourages diverse teams from universities, nonprofit and for-profit companies, national laboratories, state and local governments and tribal nations to apply.

Leveraging cellular broadband enabled smart meters for reducing energy theft and improving revenue protection for utilities
https://www.smart-energy.com/industry-sectors/smart-meters/leveraging-cellular-broadband-enabled-smart-meters-for-reducing-energy-theft-and-improving-revenue-protection-for-utilities/
Thu, 04 Jan 2024 08:21:00 +0000

Broadband-enabled smart meters allow real-time measurement and monitoring of electricity consumption in homes, businesses and industrial customers, writes Marcos Aurélio Ribeiro.

These devices have proven to be an effective tool to reduce the financial losses of electric companies, especially when combined with cellular networks, given all the advantages LTE broadband cellular connectivity offers. 

But how exactly do smart meters using cellular networks turn the tide against energy losses for electric utilities?

Cellular broadband-enabled smart meters provide a comprehensive set of technologies that play a crucial role in supporting the energy theft reduction plan.

These advanced meters offer various features and capabilities that enhance data collection, analysis and communication, enabling utilities to detect and prevent energy theft effectively.

Let’s delve into the technology in detail and find out.

AMI 2.0: Automating consumption readings with smart meters

First, broadband-enabled smart meters are part of an Advanced Metering Infrastructure (AMI) network. This network facilitates two-way communication between the utility and the smart meters, enabling the remote exchange of data and commands and allowing an accurate and automated reading of each user’s electricity consumption.

Conventional meters often require technicians to periodically read and record energy consumption manually for each user, whether residential, commercial or industrial. Smart meters instead send consumption data directly to the utility via cellular networks, eliminating costly travel expenses and reducing the human errors associated with manual readings, as well as the carbon footprint, accident risks, traffic, etc.

Real-time monitoring and interval data recording 

Broadband-enabled smart meters record consumption data at regular intervals (e.g. every 15 minutes), providing granular details about energy usage. This level of precision is crucial for detecting anomalies and identifying irregular consumption patterns associated with energy theft.

As well as automating readings, smart meters provide a granular snapshot of energy consumption, updated in real-time. Smart meters provide users with detailed insights into their energy usage, allowing them to make informed decisions to reduce consumption and adjust their habits accordingly. This encourages energy efficiency, reduces peak demand, helps utilities avoid grid overload situations, and reduces operating and infrastructure costs for the utility.

Securing reliable communication with cellular networks

Key to the success of smart meters is their integration with cellular networks, offering wide continuous coverage, stable connectivity and reliable data transmission from meters to utilities.

In addition, cellular networks deploy advanced security protocols to protect the integrity and confidentiality of the transmitted data, lending an extra layer of assurance.

Cellular broadband connectivity for enhanced efficiency 

A game-changer for smart metering lies in broadband’s enhanced data transmission capacity in LTE cellular connectivity. Broadband provides greater high-speed data transmission capacity allowing the development of new applications or use cases for smart metering and AMI solutions.

Fraud detection: combating electricity theft and enhancing reliability 

Broadband-enabled smart meters are equipped with tamper detection mechanisms. These meters can detect physical tampering attempts, such as bypassing or manipulating the meter. In such cases, the meter can generate alerts to notify the utility of potential theft incidents. Deploying smart meters using cellular networks can also improve detection and response to electrical fraud, including real-time transmission of energy consumption anomalies.

Unusual consumption patterns and inconsistencies could point to illegal connections or tampering with the grid. Early detection allows utilities to take swift action, reducing economic losses and maintaining a reliable power supply for consumers, leading to greater customer satisfaction and cost-efficiency.

Data analytics

The abundance of high-resolution data collected by broadband-enabled smart meters can be processed and analysed using advanced data analytics and machine learning algorithms. These algorithms can identify specific patterns and trends indicative of energy theft, such as sudden spikes in consumption or abnormal usage patterns during certain hours.

Through the AMI network, broadband-enabled smart meters allow for remote disconnect capabilities. If energy theft is suspected, the utility can remotely disconnect the service, preventing further unauthorised consumption until the issue is resolved.

Additionally, smart meters with load limiting capabilities can restrict energy supply when abnormal consumption is detected, further deterring potential theft. The data collected from broadband-enabled smart meters can be integrated with geospatial mapping tools, allowing utilities to visualise consumption patterns across different areas. This visualisation can help identify specific regions or neighbourhoods with suspicious energy consumption trends, effectively targeting theft reduction efforts.

Customer engagement portals

Broadband-enabled smart meters enable customer engagement portals, where customers can access their energy consumption data in real time. This transparency empowers customers to monitor their usage closely and report any irregularities they observe, acting as additional eyes in detecting potential theft.

Machine learning

  1. Anomaly detection: Machine learning (ML) algorithms can be applied to the vast amounts of data collected from broadband-enabled smart meters to identify abnormal consumption patterns that may indicate energy theft. ML models can learn from historical data and detect deviations from typical usage, raising alerts for further investigation. 
  2. Predictive analytics: ML models can predict potential energy theft incidents based on historical data and usage patterns. This proactive approach allows utilities to take preventive measures before significant losses occur.
  3. Load forecasting: Machine learning can be utilised to forecast energy demand accurately, helping utilities optimise grid operations, reduce wastage and identify discrepancies between the energy supplied and consumed.

Artificial intelligence (AI)

  1. AI-driven customer engagement: AI-powered chatbots and virtual assistants can engage with customers, answering queries related to energy usage, billing and theft prevention. AI systems can provide personalised energy-saving tips, encouraging customers to be more vigilant about energy usage and report any suspicious activities.
  2. Cognitive analytics: AI-based cognitive analytics can analyse unstructured data, such as text or voice recordings, from customer complaints and feedback. This helps utilities gain insights into customer sentiments, enabling them to enhance service quality and address concerns proactively.
  3. Predictive maintenance: AI algorithms can analyse data from smart meters and other grid equipment to predict maintenance needs. Timely maintenance can prevent malfunctions and potential tampering, reducing the risk of energy theft.

Distributed intelligence

  1. Decentralized decision making: Distributed intelligence allows smart meters to make autonomous decisions at the edge of the network, reducing the need for constant communication with a centralised system. This facilitates quicker responses to anomalies and potential theft, even during connectivity issues.
  2. Load balancing: Smart meters equipped with distributed intelligence can collectively optimise energy distribution and load balancing within local neighbourhoods, enhancing grid stability and efficiency.
  3. Peer-to-peer energy trading: Distributed intelligence can enable peer-to-peer energy trading between neighbouring consumers, promoting energy sharing while minimising the risk of unauthorised consumption.

Edge computing

  1. Real-time data processing: Edge computing enables data processing and analytics to be performed at the edge of the network, reducing latency and enabling real-time insights from smart meter data.
  2. Localised anomaly detection: With edge computing, smart meters can detect anomalies locally, triggering immediate actions such as load limiting or disconnecting in response to potential theft, without relying solely on central systems.

Enhanced security

Broadband-enabled smart meters incorporate robust security protocols to protect data integrity and prevent unauthorised access.

Data encryption and secure communication channels ensure that customer data remains confidential and safe from cyber threats. Applying edge computing enhances data security by processing sensitive information at the device level, reducing the risk of data breaches during transmission to central servers.

Cross sector applications

  1. Real-time anomaly detection and load limiting: Using machine learning at the edge, smart meters can detect anomalies in real-time and initiate load limiting directly to prevent unauthorised consumption.
  2. Predictive maintenance with AI: AI-driven predictive maintenance can anticipate potential tampering attempts, leading to proactive maintenance interventions.
  3. Cognitive analytics for customer engagement: AI-powered cognitive analytics can be integrated into customer engagement portals to provide personalised energy efficiency recommendations and identify trends in customer reports related to energy theft.
  4. Load forecasting with distributed intelligence: Distributed intelligence can optimise load forecasting by considering local energy consumption patterns and adjusting demand predictions accordingly.

Conclusion

In summary, smart meters using cellular networks offer several benefits that reduce economic losses for electric utilities. These devices enable automated and accurate readings of electricity consumption, promote energy efficiency, improve electrical fraud detection, and ensure reliable and secure communication between meters and the utility.

Incorporating machine learning, artificial intelligence, distributed intelligence and edge computing into the energy theft reduction plan empowers utilities to proactively detect and prevent theft, optimise grid operations and enhance customer engagement.

By leveraging these cutting-edge technologies, utilities can create a smart, secure, and efficient energy ecosystem for sustainable growth.

Using AMI 2.0 technologies and cellular connectivity, utilities can optimise their operations, reduce meter reading costs, encourage energy efficiency, improve fraud detection and upgrade their role from reactive to proactive troubleshooting.

About the author:

Marcos Aurélio Ribeiro is Head of Business Development & Product Management at Easymetering LLC, with responsibility for driving the success, growth and client satisfaction at Easymetering LLC.

Easymetering is a provider of AMI and smart metering solutions for utility companies worldwide.

Cybersecurity standards to be developed for EU distribution systems
https://www.smart-energy.com/industry-sectors/cybersecurity/cybersecurity-standards-to-be-developed-for-eu-distribution-systems/
Thu, 07 Dec 2023 07:44:52 +0000

The European Network for Cyber Security (ENCS) and the EU DSO Entity will develop state of the art cybersecurity regulation, practices and standards for the electricity distribution system.

The tighter collaboration between ENCS, a European non-profit owned by grid operators, and the EU association for distribution system operators will work to increase the resilience of Europe’s power system against cyber-attacks.

Under an MoU, ENCS and EU DSO Entity will share knowledge as well as best practices in the field of cybersecurity. Both organisations will combine strengths with the intention of supporting the deployment of secure European distribution grids.

The cooperation will allow EU DSO Entity to utilise the expertise of ENCS and bind it with its workstreams to strengthen the development of good practices and security solutions for all European DSOs.

The agreement will also enable ENCS to expand its expert knowledge pool and enlarge the community for trusted information and knowledge sharing.

Announcing the agreement at Enlit Europe in Paris, Anjos Nijk, managing director of ENCS, said: “From the very start in 2012 ENCS worked closely with the DSO domain due to the unprecedented cybersecurity challenges imposed by the roll-out of smart meters at a European scale.

“Now cybersecurity has developed into an integral challenge for the grid as a whole. In light of the energy transition and geo-political tensions, the need to cope with grid security at the European level working with the best grid security expertise available has become evident.”

Also commenting on the announcement, Peter Vermaat, Secretary General, DSO Entity, added: “As a very knowledgeable, independent, non-profit organisation, ENCS is a natural partner to us. Building on our existing relationships, we look forward to jointly working on good practices and pragmatic security solutions for all European DSOs.”

DSO Entity was established by the European Commission as part of its Clean Energy Package, providing expertise on distribution grids and containing a legal mandate that allows DSOs to contribute to developing and drafting network codes and other EU regulations.

Launched in 2021, the EU DSO Entity represents almost 900 DSOs (small, medium, and large firms) connecting more than 250 million electricity customers, servicing over 500 million consumers, across all 27 EU Member States.

ENCS brings together critical infrastructure stakeholders and security experts to deploy secure European critical energy grids and infrastructure.

ENCS uses its network in academia, government and business to provide cybersecurity solutions and counsel dedicated to the needs of national Distribution System Operators (DSO) and regulators.

EU and Ukraine to exchange best cyber practices for energy security
https://www.smart-energy.com/industry-sectors/cybersecurity/eu-and-ukraine-to-exchange-best-cyber-practices-for-energy-security/
Thu, 16 Nov 2023 07:36:02 +0000

The European Union Agency for Cybersecurity (ENISA) has formalised a working arrangement with Ukraine counterparts, focused in part on the exchange of best practices to ensure alignment of legislation and implementation, with energy being a key focus.

The partnership, signed by ENISA, the National Cybersecurity Coordination Center (NCCC) and the Administration of the State Service of Special Communications and Information Protection of Ukraine (SSSCIP), aims to align cyber legislation implementation, including NIS2, especially in sectors such as energy and telecommunications.

The arrangement is broad in nature and covers short-term structured cooperation actions while paving the way for a longer-term alignment of cybersecurity policies and implementation approaches.

Beyond the area of energy, cooperation will also be sought to develop cyber awareness and capacity building to enhance cyber resilience, as well as knowledge and information sharing to increase common situational awareness, including a more systematic sharing in relation to the cybersecurity threat landscape.

Commenting in a release was EU high representative for Foreign Affairs and Security Policy/vice-president of the European Commission, Josep Borrell: “The malicious manipulation of information and cyber-attacks is a key element of Russia’s aggression against Ukraine. Well-known hybrid tactics are being exploited by Russia on a new massive scale, targeting not only Ukraine, but also the European Union.

“This makes today’s arrangement on enhanced cooperation for cybersecurity even more important. The arrangement is an additional essential component of our overall support to help Ukraine to defend itself against Russia and of our long-term commitment to Ukraine’s security.”


European commissioner for Internal Market, Thierry Breton added that “The European Union will continue to support Ukraine in its fight against the Russian aggressor and on its path to membership of the European Union.

“Today, we bring our cybersecurity agencies closer, launching joint work on prevention of attacks on critical infrastructure, cybersecurity skills and capacity building.”

The announcement comes a week after the release of a detailed report from Google-owned US cybersecurity firm Mandiant, which illustrates how Russia-affiliated hacking group Sandworm was behind the October 2022 cyber attacks against Ukraine’s energy infrastructure.

According to Mandiant’s researchers, the multi-event cyber attack represents “the latest evolution in Russia’s cyber physical attack capability,” which they state has been made increasingly visible since the start of the war in Ukraine.

Commented State Service of Special Communications and Information Protection of Ukraine (SSSCIP) chairman, Yurii Shchyhol: “Cyberspace has become a full-fledged component of the war that Russia has waged against Ukraine. This war has also given the whole world a clear understanding that the civilized world only together can resist aggression in cyberspace.

“We are ready to exchange information and share Ukraine’s experience in the world’s first cyber war to help each country become stronger in the face of new threats.”

The Working Arrangement builds on the discussion initiated last year in Warsaw, Poland, during the EU-Ukraine Cybersecurity Dialogue and will be a key item at the next Dialogue.

A work plan will operationalise the Working Arrangement.

Data: the lifeblood of the modern smart grid
https://www.smart-energy.com/regional-news/europe-uk/data-the-lifeblood-of-the-modern-smart-grid/
Fri, 10 Nov 2023 10:38:39 +0000

A trusted and futureproof device key management platform has been developed by Thales to simplify and enhance the smart grid security process.

The latest generation smart meters provide data to both the customer and the grid operator. Coupled with data from other grid-edge and grid-centric devices, smart meters are paving the way for a dynamically managed energy system for a net zero world.

But for system security, both the devices and data must be similarly secure, with protections against bad actors with criminal or worse intent.

To understand how industry players are addressing smart grid security for distribution system operators, smart meter manufacturers, system integrators and other players, Smart Energy International talked to embedded software engineer Antoine Thomas, Product Line Manager for Mobility and Cybersecurity solutions at Thales.

Why is trustworthy data the essence of a successful smart grid?

Smart grids are a critical infrastructure and are now a key component of our societies globally and we need to have them secure and to have trust in the data they provide for many reasons, economic, public safety and more. For example, utilities need to ensure that the data collected from smart meters is correct, pertains to the correct customer and is billed correctly.

Grid operators who must ensure the balance between supply and demand need to ascertain that a fault or attack on a portion of the grid does not lead to a system-wide shutdown. They also need to have the trust to operate the grids remotely and that it is safe, that the equipment is ‘on’ when it is supposed to be, and that the data being received is trustworthy.

There is this double notion around the economic aspect but also the critical infrastructure element that the grids can be attacked and must be protected from such attacks. They can be damaging and put a country and people at risk.


What are the main standards and regulations for cybersecurity?

There are guidelines around the Internet of Things (IoT). In Europe and the US, institutions and governments have been putting in rules and recommendations around IoT in general, and, in some cases, regulation around critical infrastructure.

The European Commission has been extending its recommendations around IoT within Europe, specifically critical infrastructure security. I expect North America to follow, although the region is somewhat more complicated with the higher fragmentation among distribution companies.

In Europe, we also have the GDPR for personal data because of the collection of personal data when dealing with cybersecurity on smart meters. Another programme is the European Programme for Critical Infrastructure Protection (EPCIP).

All these bodies issue regulations and recommendations, and on top of that, there are different regulation bodies country by country potentially adding to the cybersecurity requirements, for example, BSI in Germany and ANSSI in France.

Therefore, we must follow certain sets of rules and regulations; however, our approach at Thales is to be ahead of the regulations. While it’s important to comply with security standards and practices, being pushed by regulation will always give a tough deadline to meet and implementing a strong cybersecurity system on a smart grid is not something one can do overnight.

As an example, quantum computing technologies potentially could break certain algorithms that are in use today but at Thales, we are already working on post-quantum algorithms and will have them ready to counter these threats.

What are the four main threats for an AMI/the four main principles for data security?

Firstly, only authorised entities can read the data. In other words, the ecosystem is composed only of devices that one knows and trusts so that only authorised data is fed in. For this one can put in place mutual authentication, which will ensure that all the equipment is trustable.

Then there is the need to trust in the source of the data, so one needs to have a strong device identity and well-diversified private keys. These will ensure that the security between the device and the system is not compromised, and the equipment is not tampered with, or the data intercepted.


The third is the security of the data exchange between devices so the data must be encrypted. There also is the standard for metering data, the DLMS standard, which we are following to ensure that all the data is secured correctly.

The fourth is the updating of the algorithms and of the firmware of the devices in the field. A system is needed that is secure, trustworthy and convenient to use where there is a desire to push updates. With lifetimes of 20 years or more, if the system is too complex then the whole infrastructure would be exposed to vulnerabilities.

Why is lifecycle management so important in this ecosystem?

The lifecycle approach starts with manufacturing, and one needs to ensure that the way the keys are injected is highly secure. The diversification from one device to another is also important as one doesn’t want to use one key for a set of devices. If one key is compromised then the whole ecosystem is compromised.

Thereafter, the activation of the device needs to be managed. When a device leaves the manufacturer’s factory it will have a set of keys but when the utility activates the device it may rotate the keys or load new keys so the security may not be the same in operation.

Then once in the field, the keys should be updated to avoid using the same keys in the same device for too long.

Finally, when the device is decommissioned, one needs to ensure that it is not updated again and if it becomes compromised it won’t impact the ecosystem.

The lifecycle of devices in the smart grid is very important, with updates at each stage of their life. In the case of smart meters already in the field, these usually have a set of keys and a system to update them but if they have a minimum level of security they can be provisioned on the Thales Trusted Key Manager platform.
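The lifecycle described in this answer (diversified keys injected at manufacturing, new keys at activation, rotation in the field, lock-out at decommissioning) looks like this in code. This is an added example, not Thales code or the Trusted Key Manager API: the `KeyManager` class, the HMAC-SHA256 derivation, the device IDs and the master keys are assumptions constructed for illustration.

```python
"""Per-device key diversification with lifecycle gating (hypothetical names)."""
import hashlib
import hmac
from dataclasses import dataclass

MANUFACTURED, ACTIVE, DECOMMISSIONED = "manufactured", "active", "decommissioned"


class LifecycleError(Exception):
    """Operation not allowed in the device's current lifecycle stage."""


def diversify(master: bytes, device_id: str, epoch: int) -> bytes:
    """Derive a key unique to one device and one rotation epoch.

    Assumption: HMAC-SHA256 stands in for the KDF; a production system would
    keep `master` inside an HSM rather than in application memory.
    """
    ident = device_id.encode()
    # Length-prefix the ID so two different (ID, epoch) pairs never collide.
    info = b"meter-key" + len(ident).to_bytes(2, "big") + ident + epoch.to_bytes(4, "big")
    return hmac.new(master, info, hashlib.sha256).digest()


def tag(key: bytes, reading: bytes) -> bytes:
    """MAC a meter reading so the head-end can check where it came from."""
    return hmac.new(key, reading, hashlib.sha256).digest()


@dataclass
class DeviceRecord:
    stage: str
    epoch: int


class KeyManager:
    def __init__(self, factory_master: bytes, utility_master: bytes):
        self._factory, self._utility = factory_master, utility_master
        self._devices = {}

    def _require(self, device_id: str, stage: str) -> DeviceRecord:
        rec = self._devices.get(device_id)
        if rec is None or rec.stage != stage:
            raise LifecycleError(f"{device_id} is not in stage {stage!r}")
        return rec

    def provision(self, device_id: str) -> bytes:
        """Manufacturing: inject a key diversified from the factory master."""
        if device_id in self._devices:
            raise LifecycleError(f"{device_id} already provisioned")
        self._devices[device_id] = DeviceRecord(MANUFACTURED, 0)
        return self.current_key(device_id)

    def activate(self, device_id: str) -> bytes:
        """Activation: the utility replaces the factory key with its own."""
        rec = self._require(device_id, MANUFACTURED)
        rec.stage, rec.epoch = ACTIVE, 1
        return self.current_key(device_id)

    def rotate(self, device_id: str) -> bytes:
        """In the field: move to the next epoch so no key lives too long."""
        rec = self._require(device_id, ACTIVE)
        rec.epoch += 1
        return self.current_key(device_id)

    def decommission(self, device_id: str) -> None:
        self._devices[device_id].stage = DECOMMISSIONED

    def current_key(self, device_id: str) -> bytes:
        rec = self._devices[device_id]
        if rec.stage == DECOMMISSIONED:
            raise LifecycleError(f"{device_id} is decommissioned")
        master = self._factory if rec.stage == MANUFACTURED else self._utility
        return diversify(master, device_id, rec.epoch)

    def accept(self, device_id: str, reading: bytes, mac: bytes) -> bool:
        """Head-end check: only active devices with the current key pass."""
        rec = self._devices.get(device_id)
        if rec is None or rec.stage != ACTIVE:
            return False
        return hmac.compare_digest(mac, tag(self.current_key(device_id), reading))


def run_demo() -> dict:
    # Constructed sample values; not real keys or meter identifiers.
    km = KeyManager(b"constructed-factory-master", b"constructed-utility-master")
    k_a0, k_b0 = km.provision("METER-A"), km.provision("METER-B")
    k_a1 = km.activate("METER-A")
    km.activate("METER-B")
    reading = b"METER-A|2023-11-10T10:00Z|kWh=1234.5"
    result = {
        "accepted": km.accept("METER-A", reading, tag(k_a1, reading)),
        # A key taken from METER-A is useless for impersonating METER-B.
        "cross_device": km.accept("METER-B", reading, tag(k_a1, reading)),
    }
    k_a2 = km.rotate("METER-A")
    result["stale_key"] = km.accept("METER-A", reading, tag(k_a1, reading))
    result["fresh_key"] = km.accept("METER-A", reading, tag(k_a2, reading))
    km.decommission("METER-A")
    result["after_decommission"] = km.accept("METER-A", reading, tag(k_a2, reading))
    try:
        km.rotate("METER-A")
        result["rotate_blocked"] = False
    except LifecycleError:
        result["rotate_blocked"] = True
    result["distinct_keys"] = len({k_a0, k_b0, k_a1, k_a2})
    return result


if __name__ == "__main__":
    print(run_demo())
```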

What future proofing is enabled?

We know that cryptography is evolving fast and the phrase that is making the most buzz in the ecosystem today is ‘post-quantum’, which I mentioned earlier. Quantum computers are enhancing very much the cryptographic capacity of computers and most of the security algorithms that are in use today will be easily breakable so cryptographic researchers have been working on new algorithms that will be resistant to this type of computing power.

Theoretically, we are already able to update the cryptography we use for generating and securing certificates and keys using certain of these algorithms, as some are not yet fully implemented and more will be coming later.

The advantage of using a platform like ours is that utilities would be able to rotate and update the keys to update the security level in their devices with whatever new cryptography will be issued in the market.

Today it is post-quantum and maybe in the future there will be another leap in terms of computing power or cryptography, but we always try to ensure that we are at the forefront to meet the demands across the energy industry.

We leverage our hardware devices, using a hardware security module (HSM)-based approach to secure many cloud-based solutions and can offer the latest cryptographic innovations to our utility customers.

Can the solution be extended to other edge devices or other systems?

We have deployed the platform so far in smart metering, but it was developed for the IoT in general and can be used for securing any type of device in any IoT ecosystem.

But there is also the need for similar levels of cybersecurity on the transmission and generation sides where the equipment tends to be both numerically smaller but more complicated.

To date, these businesses appear to have been less prone to attacks but it’s only a matter of time before people find out how to attack anything.

Can you describe any specific deployments?

We have several deployments in Europe as well as a few in Asia, where we are deploying the solution for advanced metering infrastructure.

In many cases, our solution is being deployed at the head-end system where we add the security layer to this device management platform. We also are integrating platforms from different smart meter vendors, and our solution was developed to meet this interoperability requirement.

A country in Eastern Europe has issued a new national regulation that all the utilities there will need to have their smart metering infrastructure secured in a certain way and following certain standards by 2026 and they have been focussing on updating the infrastructure and the security into this.

What is the future outlook as cyber attacks appear to be becoming both more frequent and more sophisticated?

We certainly see more and more cyber attacks coming but whereas up to now they have tended not to be publicised, we expect to hear about them more and more as people become increasingly aware of the potential political and other conflicts that they can bring.

That doesn’t mean that an individual company must report an attack but it can be communicated through a group or increasingly the attacker may report it.

With the types of attacks and the sizes and surfaces increasing, securing the ecosystem properly is the only way to try to stay ahead of the game in terms of cryptography.

Sandworm unveiled as October 2022 Ukraine infrastructure hackers
https://www.smart-energy.com/industry-sectors/cybersecurity/sandworm-unveiled-as-october-2022-ukraine-infrastructure-hackers/
Thu, 09 Nov 2023 12:58:59 +0000

According to Google-owned US cybersecurity firm Mandiant, Russia-linked hacking group Sandworm was behind hacks on Ukraine’s energy infrastructure during the October 2022 blackouts.

According to Mandiant’s researchers, the attack represents “the latest evolution in Russia’s cyber physical attack capability,” which they state has been made increasingly visible since the start of the war in Ukraine.

According to the researchers in a blog post, the October 2022 incident was a multi-event cyber-attack.

First, Sandworm used operational technology (OT)-level living off the land (LotL) techniques – which the NPO, Center for Internet Security (CIS), defines as “attacks involving the use of existing tools and tactics (within) targeted systems or networks” – in attempts to trip substation circuit breakers, which then caused an unplanned power outage.

The Sandworm-induced outage coincided with Russia’s mass missile strikes on critical infrastructure across war-torn Ukraine.


Two days after the OT incident, state the researchers, “Sandworm later conducted a second disruptive event by deploying a new variant of CADDYWIPER in the victim’s IT environment.

“The techniques leveraged during the incident suggest a growing maturity of Russia’s offensive OT (operational technology) arsenal, including an ability to recognise novel OT threat vectors, develop new capabilities and leverage different types of OT infrastructure to execute attacks.”

Mandiant’s researchers add that the LotL techniques were used to decrease the time and resources needed to conduct the cyber-physical attack.

“While Mandiant was unable to determine the initial intrusion point, our analysis suggests the OT component of this attack may have been developed in as little as two months.

“This indicates that the threat actor is likely capable of quickly developing similar capabilities against other OT systems from different original equipment manufacturers (OEMs) leveraged across the world,” adds Mandiant.

According to Mandiant, Sandworm is a threat actor that has carried out espionage, influence and attack operations in support of Russia’s Main Intelligence Directorate (GRU) since 2009.

“The group’s long-standing centre focus has been Ukraine, where it has carried out a campaign of disruptive and destructive attacks over the past decade using wiper malware, including during Russia’s re-invasion in 2022.”

Technology Trending: Cyber protection for space data, battery passport, battery for hot climates
https://www.smart-energy.com/industry-sectors/new-technology/technology-trending-cyber-protection-for-space-data-battery-passport-battery-for-hot-climates/
Tue, 07 Nov 2023 06:05:02 +0000

Protecting satellite imagery from fraud, Citopia network for a global battery passport and a high performance non-flammable battery option for warm climates are on the week’s technology radar.

Protecting satellite imagery from fraud

Satellite imagery is becoming increasingly important as a source of data for energy and water utilities, as for other sectors. But with the emergence of new AI-based techniques that could alter such data, concern is growing about its cyber protection.

To address this issue the European Space Agency (ESA) has engaged the French-Slovak blockchain startup 3IPK and space solution provider Thales Alenia Space to develop a solution for managing traceability and ensuring the integrity of Earth observation data under its FutureEO programme.

Until now, no solution has been capable of incontestably proving the provenance and integrity of such data. Furthermore, the increasing use of satellite data to support operational services, and their global distribution, calls for a robust solution to assure their traceability and thus guarantee their origin, reliability and use.


The two companies intend to develop a blockchain-based solution that will ensure the traceability and integrity of the data through unique digital signatures, with an initial version of the solution to be delivered to ESA in the first half of 2024.

The blockchain technology will be adapted and tested on Thales Alenia Space’s Earth-observation processing chains including the production line for data from the Copernicus programme’s Sentinel-2 satellites, which are collecting various land monitoring and other data.

Citopia – a network for a global battery passport

The MOBI consortium, an alliance of vehicle manufacturers and others on mobility standards, has launched ‘Citopia’ as a decentralised marketplace on which in future global battery passports could be issued.

The Web3 based marketplace is built on self-sovereign identity standards to provide data privacy and other user protections, along with interoperability.

The requirement for a battery passport, which is mandated in the EU Battery Regulation and set to come in others, is based on the need for a standardised traceability framework to promote circularity, efficiency and resilience in the supply chain as batteries proliferate, particularly with their use in electric vehicles.

Information that would be included would be on the battery’s composition, its state of health, history and more. For example, the Battery Pass initiative has identified no less than 90 data attributes that could be included in a battery passport.

MOBI’s Circular Economy and Global Battery Passport working group is co-chaired by DENSO, Honda and Nissan and is focussed on creating the standards and developing a cross-industry interoperable global battery passport.

A high performance non-flammable battery option for warm climates

With concerns – some anecdotal at least – of battery fires on the increase a battery passport may be useful for monitoring – but an alternative is now being offered by the Massachusetts-based Alsym Energy, which has developed what it calls the industry’s first high performance, non-flammable battery storage technology suitable for warmer climates.

Such climates generally have abundant sun or wind and are thus ideally suited to renewable energy production. However, expensive, fire-prone battery technologies are serious impediments to ambitious plans for rapid growth.

“When it comes to lithium-ion batteries, the level of fire risk increases as the mercury rises,” says Alsym Energy CEO and co-founder Mukesh Chatter.

“Recent battery storage fires in Australia, France, and the US have required evacuations and shelter-in-place orders, and some cities are considering significant restrictions and even bans.”

Alsym Energy hasn’t divulged much information on its technology, beyond saying it is lithium and cobalt free and takes advantage of readily available materials that are inherently non-flammable and non-toxic, reducing the costs and increasing safety and sustainability.

Alsym Energy is initially targeting Middle East countries such as Saudi Arabia, but prime opportunities would include much of Africa, Central America and, for example, India.

eFORT project to enhance European grid resilience
https://www.smart-energy.com/industry-sectors/energy-grid-management/efort-project-to-enhance-european-grid-resilience/
Wed, 01 Nov 2023 08:33:00 +0000

The eFORT Horizon Europe-supported project was launched in September 2022 to improve European grid security at both the cyber and physical levels.

The project, which is being coordinated by the Fundacion CIRCE technology and research centre, aims to address resilience and reliability against failures, cyberattacks and physical and other disturbances with a clear picture of the threats and vulnerabilities and the development of a set of solutions.

Such solutions include an intelligent platform and the use of digital twins for the control room of the future to train future grid operators.

As part of the project, data confidentiality procedures and blockchain layers will be used to increase security and privacy in grid data management.


The project coordinator has reported that during the first year, the consortium has identified power and energy system assets and risks on both cyber and physical layers.

Additionally, the project partners have begun a collaboration on the prevention of cascading failures.

Over the upcoming months, the consortium partners intend to develop the final solutions to be deployed in the field, including digital twins, the intelligent platform and algorithms and strategies for secure grid operation modes.

These will then be tested and validated in four distinct demonstrations across Europe due to start in the first half of 2025 and aimed to ensure the applicability of the eFORT solutions to a wide range of grid scenarios.

In southern Spain, Cuerva Energia is leading a demo focussed on IoT, blockchain and cybersecurity in a substation and connected microgrid.

In the Netherlands, TenneT is leading a demo on the prevention of cascading failures and restoration of interconnected power systems at the TSO level.

In northern Italy, DP Selta is leading a demo on flexibility and islanding in mountainous and remote areas.

In Ukraine, the DSO JSC is leading a demo on digitalisation and secure design of a substation.

The €9.3 million (US$9.9 million) four-year eFORT project was prompted by a multitude of challenges to the grid posed by climate change, the green transition and human-induced hazards.

It brings together a 23-member consortium with representatives from the energy industry, universities, research institutes and consultancies from nine countries and runs to August 2026.

‘Reliable Energy New York’ gets go ahead
https://www.smart-energy.com/industry-sectors/energy-grid-management/reliable-energy-new-york-gets-go-ahead/
Tue, 17 Oct 2023 08:00:00 +0000

Iberdrola’s Avangrid subsidiaries New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E) have the go ahead for their joint ‘Reliable Energy New York’ plan.

The plan, which has been approved by the New York Public Service Commission, encompasses a range of actions including $6 billion in investments to enhance reliability, resiliency and customer service and to support the meeting of the state’s climate targets.

Its approval follows a more than year-long engagement in which the original rate requests were trimmed by nearly half, and will result in the average residential customer’s monthly bill increasing by approximately $10 beginning November 1, 2023.

“The forward-looking plan we have adopted benefits customers and includes provisions that further important state and Commission objectives,” commented Commission chair Rory M. Christian.


“With [the] decision, NYSEG and RG&E are required to pursue important energy efficiency initiatives among other progressive policies, to advance the goals of New York State’s nation-leading climate change targets, while mitigating bill impacts for most low-income customers, as part of New York’s energy affordability policy.”

NYSEG and RG&E president and CEO, Trish Nilsen, said the Reliable Energy New York plan “will allow us to make critical investments in our gas and electric infrastructure to improve reliability, expand our energy efficiency offerings, execute on important pilots to test new technologies to support our green energy future, and provide additional assistance to those who need it.”

Reliable Energy New York highlights

Among highlights of the plan is a continuance of the companies’ gas safety performance mechanisms in the areas of leak management, emergency response, damage prevention, gas infrastructure reduction or replacements, and compliance with safety regulations and procedures.

In addition, at least 130km of leak prone pipe must be replaced over the next three years and the residential methane detection programme continued.

At the same time the companies will continue their commitment to achieving a net zero increase in gas use and will consider suitable non-pipes alternatives to the construction of new pipeline or the replacement of existing pipeline.

Vegetation management is another important aspect and routine trimming, danger tree mitigation and reclamation of overgrown circuits will be stepped up.

The plan also requires the companies to develop their physical and cyber security posture to match the evolving state of the New York electric grid and the challenges to security, resilience and reliability that it faces.

The plan also increases the amount devoted to low-income customer assistance and expands the language access programmes to ease communication for the immigrant communities, as well as providing special protections against shutoffs and terminations during extreme cold weather.

NYSEG serves approximately 894,000 electricity customers and 266,000 natural gas customers in upstate New York.

RG&E serves approximately 378,500 electricity customers and 313,000 natural gas customers in the region surrounding the City of Rochester.

Powering ahead securely: Why EV charging stations need better protection
https://www.smart-energy.com/industry-sectors/electric-vehicles/powering-ahead-securely-why-ev-charging-stations-need-better-protection/
Tue, 17 Oct 2023 06:47:09 +0000

Jeff Hutchins, president and chief technology officer at EOS Linx, writes on the electric vehicle (EV) landscape and how its booming growth necessitates, now more than ever, a renewed focus on cybersecurity measures.

Electric vehicles are the future. As governments, companies and drivers accelerate the transition away from gas-powered cars, EVs are realizing exponential growth. The International Energy Agency (IEA) reports global sales exceeded 10 million vehicles last year and are set to grow by another 35% this year.

Charging stations are popping up at hotels, in parking garages, and alongside retailers. The IEA says more than 900,000 stations were installed worldwide in 2022, and the progress continues. According to the Department of Energy, more than 5,000 charging stations popped up in the US during the first quarter of 2023.

This momentum is excellent news for reducing emissions and dependence on fossil fuels, but realizing EVs’ full potential depends on building an infrastructure drivers can rely on. With millions more EVs expected on roads in coming years, it is imperative that charging stations are reliable and secured against cyber threats that could leave drivers stranded and compromise their data.

That puts a burden not just on charging station manufacturers, but also on utility companies.

Cybersecurity concerns range from potential payment data breaches to denial-of-service (DoS) attacks, and researchers have found some of these vulnerabilities in the wild. Addressing these concerns ahead of time can ensure the continued growth of EV adoption, uphold public trust and maintain the stability of the grid.

With proper foresight by installers and grid operators, and the right standards and compliance in place, the industry can ensure the cybersecurity of charging stations to power EV growth for the long haul.


Why EV chargers are unique targets

Core infrastructure like power plants and water facilities are well guarded. Charging stations, on the other hand, are distributed infrastructure. They’re not monitored by utility workers who are always on-premise.

As unattended assets in public locations, EV chargers are more susceptible to physical tampering by malicious actors who could install skimmers or other devices to steal payment information from drivers. Similarly, false instructions could manipulate unwitting users. That’s a low-tech hack, but a potentially effective one — most EV drivers are still relatively unfamiliar with how charging stations work and may not notice if something is amiss.

This lack of knowledge makes drivers prime targets for phishing scams aimed at gaining credentials or payment information. Inconsistent standards within the industry further compound confusion and risk. Various models and networks operate differently, from connecting to a station to paying for a charge.

Unlike a gas-powered car, for which you could pay for a fill-up in cash, there’s a digital trail of breadcrumbs with EVs. The nature of the technology in the vehicles makes powering up more of an IT infrastructure dynamic. Add in that Mozilla says, “modern cars are a privacy nightmare,” and represent the worst product category ever reviewed, and there are plenty of reasons to be proactive about EV charger security.

Unsecured WiFi connections also pose a significant threat. Many stations rely on default credentials and private networks during installation. Although they are supposed to be transferred to 5G or other cellular networks after deployment, some novice installers don’t take this critical step. While back-end systems generally comply with standards like PCI, the charging stations remain exposed, particularly to remote access, if they’re left on an unprotected WiFi network.


Where the grid comes into play

Utilities can learn lessons from the early days of residential solar, when a new draw on the grid changed power consumption trends and made financial models unpredictable. To relieve those liabilities, utilities have to create interconnectivity. Unfortunately, interconnectivity can lead to security vulnerabilities.

Data and intelligence can give utilities visibility into what to expect and when to expect it. For example, a DC fast charger could require inputs up to 1,000 volts and 500 amps — if a new EV network comes online, a utility would want to understand the implications of that. Timing is a critical component, especially considering the variations in peak and off-peak energy costs.

Utilities can get deeper visibility via several technologies like smart meters that allow the EV network to have two-way communication with the grid. This would create SCADA and other machine integration, along with the ability to implement a protocol for emergency load curtailment.

While metering integration is the path to reducing liability, it also opens the door to security risk, so utilities need to adhere to energy system compliance when connecting the EV charging networks to the grid. Beyond that, the chargers themselves need protection.

How to secure stations

Physical defences, like security cameras and locked connections between the charger and grid, can deter bad actors from physically accessing stations. Regular audits of stations should also be conducted to identify any potential tampering.

Intelligent back-end monitoring can provide insights into session mechanics, like whether a user tried multiple times to charge their vehicle or if they were misdirected. Any sudden spikes in failed authorization attempts or other suspicious activity can trigger alerts.
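The alerting described above, sketched as an added example (not code from the article or from any charging vendor): a per-station sliding-window check that separates one driver retrying from a station-wide spike in failed authorizations. The log format, thresholds and station names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds are illustrative assumptions; tune them against real session data.
WINDOW = timedelta(minutes=5)   # look-back period kept per station
SPIKE_FAILURES = 5              # failures in the window that count as a spike...
SPIKE_TOKENS = 3                # ...when spread over at least this many tokens
RETRY_FAILURES = 3              # failures by one token: likely a confused driver

# Constructed sample events in an assumed "timestamp key=value ..." format.
SAMPLE_LOG = """\
2024-03-01T10:00:05Z station=CS-014 token=a91f result=failed
2024-03-01T10:00:40Z station=CS-014 token=a91f result=failed
2024-03-01T10:01:10Z station=CS-030 token=77c2 result=failed
2024-03-01T10:01:30Z station=CS-014 token=a91f result=failed
2024-03-01T10:02:15Z station=CS-014 token=a91f result=accepted
### truncated record
2024-03-01T10:10:00Z station=CS-022 token=c4e1 result=failed
2024-03-01T10:10:20Z station=CS-022 token=19ab result=failed
2024-03-01T10:10:45Z station=CS-022 token=f07d result=failed
2024-03-01T10:11:05Z station=CS-022 token=5b22 result=failed
2024-03-01T10:11:30Z station=CS-022 token=e8a0 result=failed
2024-03-01T10:11:50Z station=CS-022 token=c4e1 result=failed
2024-03-01T10:20:00Z station=CS-030 token=b3d0 result=failed
2024-03-01T10:31:00Z station=CS-030 token=77c2 result=failed
"""


def parse_line(line):
    """Return (time, station, token, result), or None for an unparseable line."""
    try:
        stamp, *fields = line.split()
        kv = dict(field.split("=", 1) for field in fields)
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        return when, kv["station"], kv["token"], kv["result"]
    except (ValueError, KeyError):
        return None


def detect(lines):
    """Scan time-ordered authorization events and return a list of findings."""
    failures = defaultdict(deque)   # station -> (time, token) of recent failures
    raised = set()                  # conditions already reported and still true
    findings = []

    def report(kind, station, token, when, tokens):
        findings.append({
            "kind": kind, "station": station, "token": token, "at": when,
            "failures": len(tokens), "distinct_tokens": len(set(tokens)),
        })

    for line in lines:
        event = parse_line(line)
        if event is None:
            continue                # skip damaged records instead of aborting
        when, station, token, result = event

        # Drop failures that have aged out of this station's window.
        window = failures[station]
        while window and when - window[0][0] > WINDOW:
            window.popleft()
        if result == "failed":
            window.append((when, token))
        tokens = [t for _, t in window]

        # Many failures across several tokens: alert on the station itself.
        spike_key = (station, "failure_spike")
        if len(tokens) >= SPIKE_FAILURES and len(set(tokens)) >= SPIKE_TOKENS:
            if spike_key not in raised:
                raised.add(spike_key)
                report("failure_spike", station, None, when, tokens)
        else:
            raised.discard(spike_key)   # re-arm once the station calms down

        # One token failing repeatedly: a usability signal, not an alert.
        retry_key = (station, "repeated_retry", token)
        if tokens.count(token) >= RETRY_FAILURES:
            if retry_key not in raised:
                raised.add(retry_key)
                report("repeated_retry", station, token, when, tokens)
        else:
            raised.discard(retry_key)

    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG.splitlines()):
        print(finding)
```

Each condition is reported once and re-armed only after it clears, so a sustained burst does not flood the alert queue.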

Clear instructions and education for drivers are equally important. Well-designed signage, quick on-screen tutorials, and customer service will reduce confusion and susceptibility to phishing or rigged stations. Using an app to authorize payment for vehicle charging can also reduce the risk of a system hack.

Beyond the standard suite of security solutions usually applied to the IT landscape, providers should develop procedures for onboarding and offboarding clients and employees and for auditing system use and access, and should enforce strong credential policies. They should also work with vendors that are ISO 27001 certified, although that certification is not required by law.

Thanks to groups like the National Rural Electric Cooperative Association (NRECA), the EV industry is driving toward a compliance standard. As best practices like ISO 27001 emerge, EV charging networks must participate so collective security matures with the industry.

Building a secure foundation

Everybody looks at an EV charger differently, and those disparate perspectives are why chargers aren’t comprehensively secured. Some people think it’s just a plug like any appliance would have; others see it as a gas pump connected to a larger infrastructure. Sometimes, location hosts only have a charger because they’re compelled to by a local government agency.

Understanding an EV charger’s true capabilities, vulnerabilities and benefits could go a long way toward securing them properly. While guidelines do exist, awareness and adoption of them remain limited so far. The industry is still prioritising deployment over proactive security, and that makes both EV networks and electrical grids vulnerable.

Standards specific to EV charging could encourage that mentality shift and improve reliability and delivery. Implementing requirements modeled after sectors that prioritise security, like finance and IT, would also be pragmatic. In the US, the National Institute of Standards and Technology (NIST) is reviewing public comments on its cybersecurity framework profile specific to EV chargers.

While governments may eventually regulate security, EV charging providers and utility companies have the opportunity to exceed these baseline requirements through thoughtful design. Prioritising cybersecurity before the scales tip will pay dividends as the EV future unfolds.

ABOUT THE AUTHOR:

As the president and chief technology officer at EOS Linx, where he founded and deployed the EOS network, Jeff Hutchins is responsible for maintaining the overall growth, health and maintenance of the network and its partners.

How trusted key managers can protect smart meters from cyber attacks
https://www.smart-energy.com/industry-sectors/cybersecurity/how-trusted-key-managers-can-protect-smart-meters-from-cyber-attacks/
Thu, 12 Oct 2023 14:38:42 +0000

Thales has developed a whitepaper sharing insights into how trusted key managers can protect smart meters from cyber attacks by securing devices in Advanced Metering Infrastructures.

As the world’s growing need for energy meets the power of the Internet of Things, the traditional energy marketplace is rapidly transforming.

The whitepaper provides recommendations for Smart Meter and HES Vendors to deploy a secure AMI.

It highlights identified limitations of current security efforts and best practices to improve cybersecurity while simplifying metering roll-outs.

Empowering DSOs to secure the Smart Grid
https://www.smart-energy.com/regional-news/europe-uk/empowering-dsos-to-secure-the-smart-grid-2/
Thu, 12 Oct 2023 13:49:32 +0000

As the main actors in managing the smart grid, Distribution System Operators (DSOs) are central to driving the evolution of the new energy ecosystem.

This whitepaper recommends that they build security at the beginning of smart metering deployments.

It is a guide to ensure data trustworthiness throughout the ecosystem and the success of the new energy-digitalized world.

EU’s Smart Energy Expert Group formed and is open for members
https://www.smart-energy.com/regional-news/europe-uk/eus-smart-energy-expert-group-formed-and-is-open-for-members/
Thu, 12 Oct 2023 08:50:10 +0000

A call for applications has been issued for the new Smart Energy Expert Group that will assist the European Commission on the digital transformation of the energy system.

The new Group, which was outlined in the digitalisation action plan of October 2022, was formally approved by the Commission on September 18 as a replacement for the Smart Grids Task Force, to continue and extend its activities and its pool of expertise.

The role of the Group is to advise the Commission on initiatives and actions to coordinate and accelerate the digital and sustainable transformation of the EU’s energy system.

It should also assist the Commission in the development and deployment of smart energy solutions that support and are strategically aligned with the goals of the twin green and digital transition.

Working groups

To achieve these objectives, three subgroups are proposed.

The ‘Data for Energy’ (D4E) working group, also detailed in the digitalisation action plan, is intended to focus on providing recommendations and facilitating the exchange of best practices regarding the access to, sharing of, and (re-)use of energy-related data.

The ultimate goal is to support the Commission in laying the groundwork for a common European data space for energy.

The ‘Consumer Empowerment and Protection’ working group aims to bolster consumer engagement and empowerment, enabling consumers to actively participate in the energy market.

The group also will explore ways for consumers to benefit from smart energy services and innovative collective consumption/production models, helping them in energy conservation and bill reduction.

The ‘Cybersecurity’ working group is to provide recommendations and guidance to the Commission on cybersecurity for energy systems, including evaluating the ramifications of new legislative initiatives in the field and exploring how best to address related challenges.

Members

The Smart Energy Expert Group will be co-chaired by representatives of the directorates-general of Energy (DG ENER) and Communications Networks (DG CNECT) and is expected to consist of up to 80 members.

Statutory members are EU member states’ competent authorities invited by the Commission, the European Network of Transmission System Operators for Electricity (ENTSO-E), the European Network of Transmission System Operators for Gas (ENTSOG), the DSO Entity, the Agency for the Cooperation of Energy Regulators (ACER) and the Body of European Regulators for Electronic Communications (BEREC).

Other members, for which the public call is now open, are anticipated from organisations active in areas related to energy or digitalisation, including associations of energy system operators, energy suppliers and aggregators, energy regulators, telecom operators, energy and digital technology and service providers and manufacturers, financial institutions, standards development organisations and EU consumers associations.

The call for members, who are expected to serve for 5 years, closes on November 6.

Quantum computed encryption for smart meters
https://www.smart-energy.com/industry-sectors/cybersecurity/quantum-computed-encryption-for-smart-meters/
Thu, 07 Sep 2023 11:01:28 +0000

Honeywell has integrated Quantinuum’s Quantum Origin technology into its smart meters to enhance protection for users and the infrastructure.

The integration, believed to be a first for quantum-based cyber protection in smart meters, sees quantum computing-hardened encryption keys integrated into all Honeywell’s smart meters for gas, water and electricity.

This enhanced security is intended to set a new benchmark for protection against data breaches and to help ensure the uninterrupted operation of the utilities infrastructure.

“By integrating Quantinuum’s encryption technology into our smart meters, we’re advancing data security for our customers and shaping the dialogue on how the utility industries should approach cybersecurity in the quantum era,” says Hamed Heyhat, President of Smart Energy and Thermal Solutions at Honeywell.

“This integration underscores the necessity for continuous innovation to stay ahead of the evolving threat landscape. It is a level of protection that is imperative in our increasingly digital and interconnected world.”

Quantinuum’s Quantum Origin generates keys through quantum computing-enhanced randomness – a feature of the quantum world – which makes them unpredictable and thereby able to significantly enhance data security.

Specifically, a quantum cryptographic seed is generated on a quantum computer and verified for strength, and then the keys are generated.

Tony Uttley, President and COO of Quantinuum, comments that robust cybersecurity requires a multifaceted approach, taking advantage of the latest technologies.

“Our work with Honeywell demonstrates the importance of using the power of today’s quantum computers to create a more resilient cyber infrastructure to better protect customers.”

Quantum Origin is designed for both devices and infrastructure, with keys generated directly into devices or on demand via the cloud.

The smart meter products with Quantum Origin from Honeywell are available now to customers in North America and Europe.

Futureproofing the utility of the future with IEC 61850
https://www.smart-energy.com/industry-sectors/digitalisation/futureproofing-the-utility-of-the-future-with-iec-61850/
Fri, 01 Sep 2023 13:14:11 +0000

IEC 61850 has emerged as the indispensable foundation for the automation and management of decentralized renewables-based electric grids.

Twenty years after the first publication of the IEC 61850 standard in 2003, the utility transmission and distribution businesses and operating environments have changed beyond recognition.

Back then, the first tentative steps into the digital world were taken with the digitalization of substations.

Though the concept of smartening and automating the grids was starting to emerge with the rolling out of smart meters, successive technological advancements have opened more new and innovative applications.

Alongside this, the transition to net zero is leading to the accelerated integration of utility-scale and residential distributed energy sources to the grids, while wide-scale electrification across sectors such as transportation, heavy industry and home appliances is introducing changes and uncertainties unprecedented for the system operators.

At the same time, the legacy communications technologies that have formed the foundations of power grids today, such as time division multiplexing interfaces, and analogue E&M interfaces used in devices such as relays and remote terminal units, have passed beyond the end of their technology lifecycle, necessitating replacement with next generation devices.

With these developments, IEC 61850 has been expanded to offer a one-stop utility automation framework to meet the complex challenges of operating a dynamic, distributed, intelligent, multivendor grid, both now and in the future.

What are some IEC 61850 use cases?

The first publication of IEC 61850 aimed to enable open and interoperable digital information exchanges for substation automation applications.

Today, with the expansion of the scope of IEC 61850, utilities can use it for automation between substations; for automation between substations, control centres and data centres; and for a range of grid-related applications including condition monitoring diagnosis, the transmission of synchrophasor information, power quality and distribution automation.

These are significant developments for power utilities. One example is distribution automation in the feeder domain of distribution grids, where monitoring, protection and restoration are automated to improve reliability, safety and efficiency at the distribution level.

Similarly, synchrophasor data opens the way to optimizing line capacities and efficiencies and facilitating integration with distributed energy resources.

As an example of such a use case, Dominique Verhulst, Global Energy Practice Leader at Nokia, cites a fire mitigation initiative by a US utility that draws synchrophasor data from several points on the distribution network. The data is aggregated and analyzed to recognize breaking conductors, and a GOOSE message can then be sent to the appropriate line switches to de-energize the line “before it hits the ground”, mitigating the risk of fires.

Such new use cases rely on the latest high bandwidth, low latency networks, which also offer the opportunity to implement a true multi-vendor environment.

“With the standardizations in these protocols it opens up the opportunity for utilities to step closer to multivendor interoperability for protection and control systems,” he says.

What are the steps to implementing IEC 61850?

Turning to the practicalities and technicalities of an IEC 61850 implementation, Hansen Chan, Product Marketing Manager for Digital Industries at Nokia, advises that the starting point for a utility is to evaluate the status of its communications infrastructure.

Some issues to consider include the right connectivity to support applications – such as distribution automation – that are both bandwidth intensive and latency sensitive, whether in the substation domain or in the wide area network and down to the last mile to smart meters in the feeder domains.

“With software playing a more and more dominant role in grid operation, communication reliability is key as without connectivity there is no visibility. Then the grid control system just would not function.”

Chan mentions that another key consideration is the “human layer” at the organizational level.

“Implementing IEC 61850 is a multi-disciplinary effort, so you need everyone to be on the same page and to work together towards a single vision. There are different teams that need to be involved not just on the communications side but for example in IT: with new software such as ADMS being delivered in a virtualized compute environment, the data centre network has become a critical part of the communication infrastructure foundation for IEC 61850.”

Verhulst adds that this multi-disciplinary requirement mirrors the trend in utilities of new talent hires who are familiar with these technologies at both hardware and software levels.

This will support the ongoing development of IEC 61850 with their ability to develop new solutions around it.

“Our expectation is that IEC 61850 will keep evolving towards more centralized protection and control and centralized remedial action schemes that are relying on the more recent variants of the protocols such as the routed GOOSE and sampled values that are becoming popular with utilities.”

What are the components of the IEC 61850 communication infrastructure?

IEC 61850 communications start from the station and process buses in substations and extend to the grid edge via the field area network (FAN) as well as to the network control centre and data center via the wide area network.

Thus, a reliable and functioning communication infrastructure is key.

Chan highlights the “service-centric approach” of Nokia, saying that it is an essential requirement of such a network foundation to support many different grid applications.

“There will be more and more applications coming for which one will need more and more network virtual segmentation and so one needs to have a communication network platform that allows them to be rolled out as required,” he says.

Chan also emphasizes the importance of incorporating broadband wireless access technology such as LTE into the service-centric network in order to deploy IEC 61850-based assets at the grid edge where fiber is not available.

Verhulst states that Nokia’s solutions are very comprehensive with radio access networks that allow individual private wireless infrastructures based on LTE or 5G to be built and are based on a “strong utility focus”, considering elements such as the backhaul requirements and the substation communication elements.

“Our implementation is an end-to-end IP/MPLS solution including a full series of substation and wireless field routers, packet microwave and DWDM optical transport as well as the backbone networking infrastructure.”

He adds that cybersecurity concerns also have been considered and that secure encryption and key cycling are provided to safeguard grid communications.

What are the benefits of an IEC 61850 implementation?

Some of the stated benefits of an IEC 61850 implementation include the ability to roll out applications in a unified manner, interoperability with legacy devices and future-proofing for new technology integrations.

Verhulst says that utilities with which Nokia has worked on network implementations have seen improvements in SAIDI averaging between 30% and 50%.

Further, a JRC study on UK utilities found that they could save around £13 billion (€15.2 billion/$16.5 billion) in grid infrastructure investment with their implementation.

He also returns to the interoperability benefits, saying that Nokia sees IEC 61850 as clearly indicating the trend of utilities being able to “pick and choose” from among the vendors.

“It’s not going to be about whose hardware or software we should buy but more about who has the best to do what we need.

“And added value is going to come with the innovation from the vendors so it’s an interesting move that we will see more of ahead in the next five to ten years.”

UK and Australian energy trading portfolios in attempted hack
https://www.smart-energy.com/industry-sectors/cybersecurity/uk-and-australian-energy-trading-portfolios-in-attempted-hack/
Wed, 23 Aug 2023 11:00:57 +0000

Energy One, a supplier of software products and services to wholesale energy, environmental and carbon trading markets in the Asia Pacific and UK and Europe, has put out a statement confirming a cyber-attack affecting corporate systems in the UK and Australia.

Details on affected companies have not been released, although the company is conducting an analysis into potentially affected systems.

Energy One offers solutions and services, managing the “entire wholesale energy portfolio” for customers in energy trading and logistics, serving energy retailers, generators, users, customers and traders, ranging from startups to multinational organisations.

According to the company’s statement, immediate steps were taken to limit the impact of the incident. The company engaged cybersecurity specialists, CyberX, and alerted the Australian Cyber Security Centre and UK authorities.

As part of the company’s efforts to mitigate the effects of the attack, certain links were disabled between its corporate and customer-facing systems.

The company is currently coordinating an ongoing inquiry and response into the incident to determine what information and systems were affected.

Another priority, states the company, is determining the initial point of entry.

Commenting on the incident was Camellia Chan, CEO and co-founder of Flexxon, an AI cybersecurity specialist company, who stated that “the Energy One cyber-attack demonstrates the increasing risk threat actors pose to critical national infrastructure (CNI).”

According to Chan, CNI marks prime targets for cybercriminals as their “systems are underpinned by a myriad of complex devices, meaning the consequences if these are infiltrated can be devastating and put real people at risk. For example, SSE supplies gas and electricity to seven million homes and is an Energy One customer.”

Cybersecurity gaps and QR codes

States Chan: “To meet the fast-evolving threat landscape, businesses need to be proactive in assessing security gaps and address those with innovative and proven tools. Using low-level AI at the hardware level in devices, for example, is a game-changer.

“Unlike traditional cybersecurity measures, this robust last line of defence protects against sophisticated attacks while removing the need for human intervention.

“Ultimately, for all organisations, but CNI in particular, cyber security must be an integral part of IT systems. One Energy shows us you can’t afford to have weak spots.”

The announcement of the attack on Energy One comes as cybersecurity has been growing as a concern for those in the energy sector.

In the same week as the Energy One announcement, US-based computer security services company Cofense published an analysis of a large phishing campaign it had observed.

The campaign used QR codes to target the Microsoft credentials of users in various sectors; “the most notable target”, states the company in a blog post, was “a major energy company in the US”, which “saw about 29% of the over 1,000 emails containing malicious QR codes.”

According to Cofense author Nathaniel Raymond, the energy company was the main focus of the campaign, which sent out phishing emails containing PNG images with phishing links or redirects through a QR code, with the majority of them being Bing redirect URLs.

Raymond states that QR codes can reach inboxes with hidden malicious links. These links can also be embedded into other images to disguise the QR code as an image attachment, or as an embedded image in a PDF file.

“While automation such as QR scanners and image recognition can be the first line of defense, it is not always guaranteed that the QR code will be picked up, especially if it’s embedded into a PNG or PDF file.

“Therefore, it is also imperative that employees are trained not to scan QR codes in emails they receive. This will help ensure that accounts and business security remain safe,” concludes Raymond.

Protecting the world’s most mission-critical networks from Q-Day
https://www.smart-energy.com/industry-sectors/new-technology/protecting-the-worlds-most-mission-critical-networks-from-q-day/
Mon, 14 Aug 2023 08:43:34 +0000

Quantum computing offers nearly limitless possibilities for advancements in industries from finance to energy to healthcare. These incredibly powerful computers can solve problems in minutes that would take even the biggest conventional supercomputers millennia.

While the benefits of this kind of computing capacity are tremendous, the risks are just as great if malicious actors get access to that same quantum capability. It is vital that the providers of all mission-critical networks prepare for that eventuality now.

What is quantum computing?

Conventional computers are based on the binary concept that electrical signals can be either on or off, which is traditionally expressed in 1s and 0s. From the earliest computers that ran programs off physical punch cards to today’s smartwatches, they have all used coding languages based on binary computations.

Quantum computers are based on the principles of quantum mechanics, which allow for many states between on and off. We are not even limited to one state at a time. This means these computers can not only perform their tasks much faster than conventional binary computers, but they can carry out multiple processes at once, increasing their capacity and speed exponentially.

This offers great opportunities for mission-critical industries. Mining, oil and gas companies can quickly and accurately determine the best places to drill, reducing costly and invasive exploratory excavations. Power utilities can better understand weather patterns and the impact of climate change and make usage predictions to prepare the grid in advance to avoid disruption. The aerospace industry can make major breakthroughs faster, being able to perform highly complex analyses at unprecedented speed. Defence organizations can use quantum sensing for deep-sea navigation, surveillance, and reconnaissance. Emergency services organisations can vastly improve preparedness due to more accurate advance notice of natural disasters. Research and Education Networks, dedicated to solving some of humanity’s biggest challenges from climate change to disease and world hunger, can make calculations that are impossible today and accelerate important breakthrough innovation.

Who is using quantum now?

Today’s quantum computers are highly specialised equipment that demand precise calibration and extreme cooling. That puts them out of reach for most organizations. The few quantum computers that have been built so far are owned by companies like IBM or large government entities. The capacity of today’s quantum computers is used for scientific and research purposes.

However, as demand for quantum computing increases in the private sector, more companies are likely to buy or rent capacity through an as-a-service model. Some innovators are also producing quantum annealers — smaller machines that are less powerful than full-scale quantum computers, but still offer much of the functionality companies are looking for.

Since 2021, Japanese manufacturers Toyota, Mitsubishi Chemical and ten other organizations have been sharing costs and using quantum computing to solve advanced problems, innovate materials for industrial applications and run autonomous vehicle scenarios as we prepare for the next generation of mobility. Mercedes-Benz is using quantum computing to accelerate battery performance for future electric vehicles.

Banks in the United States are running advanced financial computations. Researchers at Fraunhofer and the Cleveland Clinic are sequencing the human genome faster than ever before. Quantum has even been used to accelerate the study of COVID-19 treatments. And CERN, the European Council for Nuclear Research, is using quantum computing to analyse data from the Large Hadron Collider and accelerate our understanding of how the universe works.

Hacking at quantum speed

Today’s encryption mechanisms used to protect in-flight network data were developed to safeguard against an adversary using a conventional computer. Until now, these mechanisms were deemed strong enough to protect sensitive data because these computers cannot break the encryption within a practically useful timeframe.

It would take thousands of years to try every possible key combination. But with a quantum computer, a brute force attack can break most encryption ciphers within minutes. Just as quantum computers can calculate at speed, access to the technology in the wrong hands means bad actors can also hack at quantum speed.

To launch such an attack requires a Cryptographically Relevant Quantum Computer (CRQC): a quantum computer large enough and equipped with the software required to break the asymmetric ciphers typically used in encryption today. The good news is that no such computer exists… yet. But it’s only a matter of time before a CRQC is developed. That moment is referred to as Q-Day — and while some experts believe its arrival to be most likely by 2030, based on recent developments many experts predict it could arrive sooner.

The potential for disaster when Q-Day comes is substantial. With standard encryption protections rendered useless, all networks will become vulnerable to attack. Malicious actors could cripple the world’s mission-critical networks like power grids and water utility systems with life-threatening consequences, in seconds. Financial markets could be tampered with, sending economies into turmoil. Vital medical systems and research could be impacted, causing irreparable damage to medications, vaccines and other life-saving treatments, setting advancements back to the drawing board.

But the risk does not start on Q-Day. Bad actors can “harvest” encrypted data now — even if they can’t do anything with it — and simply hold onto it until they can decrypt it with a CRQC. It is imperative that we start protecting mission-critical data against quantum hacking now.

Is it even possible to protect networks from quantum hacking?

Yes. Fortunately, quantum-safe networking technology exists right now.

A symmetric, centralized Classic Key Distribution Network (CKDN) is a way of sharing strong keys separately from encrypted data, making it harder for hackers to acquire both pieces required to access the data. This technology has been in use for several years and is an important element of quantum safety. But it is only effective for certain types of network connections and needs to be complemented by other tools and technologies.

To expand quantum security, it will take a multi-faceted approach. Quantum keys, utilising quantum mechanics as the key material source and transmitted through a quantum key distribution network (QKDN), are currently in development and will provide another layer of security.

Cryptographers are also working on post-quantum asymmetric ciphers, designed to withstand quantum attacks. A future quantum-safe ecosystem will include all three of these elements: CKDN, quantum keys and post-quantum ciphers, as well as other technologies that have not even been thought of yet. The goal is to always stay one step ahead.

The quantum threat cannot be ignored and outdated networking technologies or the mindset of “if it ain’t broke don’t fix it” just won’t fly. Modernized networking technologies with built-in quantum-safe mechanisms will help. Nokia has been at the forefront of research on quantum-safe optical networking, embedding CKDN into our solutions for years. We are currently the only network vendor to offer a quantum-safe solution for our customers — and we are continuing to work with partners around the world on QKD trials and other innovations to ensure that when Q-Day comes, your mission-critical networks are ready.

This article was originally published on Forbes.com

ABOUT THE AUTHORS

James Watt is Vice President and General Manager for the Optical Networks Division at Nokia. Prior to this, James was the Vice President and General Manager for the Services Business Unit, IP/Optical Networks, at Nokia and its predecessor in Alcatel-Lucent, President of the Optics Business Line in Alcatel-Lucent and Chief Technology Officer (CTO) of the Alcatel-Lucent Carrier Product Group. Until 2008, James held the position of Chief Operating Officer (COO) of Alcatel-Lucent’s IP Business Division and had previously held the role of Vice President Network Strategy for Alcatel. James joined Alcatel in 2000 as Chief Technology Officer of the Carrier Internetworking Division through the acquisition of Newbridge Networks, where he was Assistant Vice President, Access and Network Management Strategy. During his 15 years with Newbridge, James held a variety of positions within the research & development, product management and marketing organizations. James holds multiple patents, primarily in the areas of traffic management and Internet Protocol. He received a B.Sc. in Electrical Engineering from Queen’s University in Kingston, Ontario in 1986.

Chris Johnson is Senior Vice President and Global Head of Enterprise at Nokia. A veteran sales and business leader, Chris focuses on delivering critical network solutions for the world’s most essential industries. He is a passionate champion of industrial digitalization for enterprises and government organizations, with a deep understanding of how innovative and intuitive digital technologies can bring resilience, productivity, efficiency and sustainability to any operation. Drawing on his experience defining business strategies, developing teams, executing initiatives and driving profitable growth, Chris helps Nokia Enterprise customers harness the exponential potential of networks to unlock new business models and build capacity for long-term success.

Technology Trending: Cybersecurity labelling, EV charging vulnerabilities, vortex rings
https://www.smart-energy.com/industry-sectors/new-technology/technology-trending-cybersecurity-labelling-ev-charging-vulnerabilities-vortex-rings/
Mon, 24 Jul 2023 07:19:00 +0000
https://www.smart-energy.com/?p=142466

Cybersecurity labelling coming in the US for smart devices and meters, detecting EV charging vulnerabilities and how vortex rings may speed nuclear fusion are on the week’s technology radar.

Cybersecurity labelling introduced in US

A cybersecurity certification and labelling programme, the Cyber Trust Mark, has been launched in the US as a voluntary initiative for manufacturers to indicate the cyber worthiness of their devices.

The programme, which was proposed by the Federal Communications Commission, will be applicable to common devices such as smart refrigerators, smart microwaves, smart televisions, smart climate control systems, smart fitness trackers, etc.

Several major manufacturers and retailers have already made commitments to the programme, including Amazon, Best Buy, Google, LG Electronics, Logitech and Samsung.

Under the proposed programme, which is expected to be up and running in 2024, consumers can expect to see a distinct shield logo applied to products meeting established cybersecurity criteria.

With this, they can then make informed decisions on the relative security of products they choose to purchase and retailers will be encouraged to prioritise labelled products on their shelves and online.

A national registry of certified devices with specific and comparable security information is also planned.

While cybersecurity certification schemes are not uncommon, the consumer labelling proposal appears to be a first and will likely be replicated for other smart devices and in other regions.

In parallel with the launch of the US Cyber Trust Mark programme, the US Department of Energy announced an initiative to work with national labs and industry partners to research and develop cybersecurity labelling requirements for smart meters and power inverters as essential components of the smart grid.

Detecting EV charging vulnerabilities

Idaho National Laboratory intern Jake Guidry has developed a cybersecurity research tool that could improve the security of electric vehicle charging.

The AcCCS tool, a combination of hardware and software that emulates the electronic communications that occur between an EV and an extreme fast charger during the charging process, provides access capabilities through the CCS (combined charging system) communications protocol.

The AcCCS hardware includes a charging port and a charging cable, both of which can be plugged into real-world equipment.

No charging power flows through the device. If one plugs the AcCCS into an EV, the vehicle’s computer thinks the battery is receiving a charge. If the tool is plugged into a 350kW fast charging station, the station thinks it is charging an electric vehicle.

“It’s basically acting like one to trick the other,” says Guidry, a master’s degree student in mechanical engineering from the University of Louisiana at Lafayette, who explains that the tool can be used not only to skew normal operations but also to introduce cyber attacks.

In a demonstration, researchers used AcCCS to hack a charging station and a vehicle.

Future experiments should help them to develop best practice recommendations for the industry.

Vortex rings may speed nuclear fusion

Vortex rings – those rings of smoke that are the aspiration of novice cigarette smokers – may hold a key to advancing fusion energy as well as research on supernovae, the most explosive objects in the universe.

Nuclear fusion is the process of pushing atoms together until they merge. But part of the problem is that the fuel can’t be neatly compressed and instabilities cause the formation of jets that penetrate into the hotspot, with the fuel spurting out between them – much like the juice of an orange squashed in a hand.

Modelling of the phenomenon by researchers at the University of Michigan has shown that the vortex rings that form at the leading edge of these jets are mathematically similar to smoke rings as well as the plasma rings that fly off the surface of a supernova.

Michael Wadas, a doctoral candidate at the University of Michigan, explains that in a supernova the vortex rings move outward from the collapsing star whereas in fusion they move inward, disrupting the stability of the burning fuel and reducing the efficiency of the reaction.

With their findings, the researchers hope to be able to understand the limits of the energy that a vortex ring can carry, and how much fluid can be pushed before the flow becomes turbulent and harder to model as a result.

In ongoing work, the team is validating the vortex ring model with experiments.

Washington maps clean energy cybersecurity plan
https://www.smart-energy.com/industry-sectors/cybersecurity/washington-maps-clean-energy-cybersecurity-plan/
Fri, 14 Jul 2023 12:41:42 +0000
https://www.smart-energy.com/?p=142116

The Biden-Harris Administration has announced an implementation plan to realise the National Cybersecurity Strategy, which aims to protect investments in rebuilding US infrastructure and develop the clean energy sector.

The National Cybersecurity Strategy Implementation Plan (NCSIP) – newly announced via a Washington-issued fact sheet – details over 65 Federal initiatives, from combatting cybercrimes to building a skilled cyber workforce.

The initiatives are grouped under five pillars – Defending Critical Infrastructure, Disrupting and Dismantling Threat Actors, Shaping Market Forces and Driving Security and Resilience, Investing in a Resilient Future, and Forging International Partnerships to Pursue Shared Goals – the fourth of which details the US’ action plan to bolster energy-minded cyber measures.

The Office of the National Cyber Director (ONCD) will coordinate activities under the plan, including an annual report to the President and Congress on the status of implementation.

Strategic objective: ‘Secure Our Clean Energy Future’

Under Investing in a Resilient Future, clean energy cyber resilience initiatives fall under the Secure our Clean Energy Future strategy.

States the National Cybersecurity Strategy: “Our accelerating national transition to a clean energy future is bringing online a new generation of interconnected hardware and software systems that have the potential to strengthen the resiliency, safety, and efficiency of the US electric grid.

“These technologies, including distributed energy resources (DERs), smart energy generation and storage devices, advanced cloud-based grid management platforms, and transmission and distribution networks designed for high-capacity controllable loads are far more sophisticated, automated and digitally interconnected than prior generations of grid systems.”

To protect said systems, under the implementation plan the following initiatives aim to combat and prevent energy sector cyber crimes:

• Drive adoption of cyber secure-by-design principles by incorporating them into federal projects (initiative 4.4.1)

The DOE, working with ONCD and CISA (Cybersecurity and Infrastructure Security Agency), will work with stakeholders to identify and implement cyber secure-by-design pilot projects, identify economic incentives for cyber secure-by-design, identify needed technology vehicles to apply cyber secure-by-design principles and measure progress on national implementation of cyber secure-by-design efforts for critical energy infrastructure.

The DOE will also continue to promote cybersecurity for electric distribution and DERs in partnership with relevant stakeholders.

• Develop a plan to ensure the digital ecosystem can support and deliver the US government’s decarbonisation goals (initiative 4.4.2)

The ONCD will develop a plan to ensure that the digital ecosystem is prepared to incorporate novel technologies and dynamics needed for the energy transition.

Cybersecurity will be built in through the National Cyber-Informed Engineering Strategy, rather than developing a patchwork of security controls after these connected devices are widely deployed.

• Build and refine training, tools and support for engineers and technicians using cyber-informed engineering principles (initiative 4.4.3)

DOE will work with stakeholders to build the National Cyber-Informed Engineering Strategy to advance the training, tools and support for engineers and technicians to enable them to design, build and operate operational technology and control systems that are secure- and resilient-by-design.

Each initiative under the five pillars is assigned to a responsible agency; 18 agencies in total are leading the initiatives.

This is the first iteration of the plan, which is a living document that will be updated annually.
