Hacker attacks, manipulations, viruses, malware, human error – the list of potential security risks for digital systems is long. The effects of an attack on critical infrastructures such as the healthcare system, transport infrastructures or the water and energy supply can be particularly dramatic. The consequences of a nationwide blackout were seen in Argentina and Uruguay in mid-June: stopped trains, traffic chaos, a collapse of public life, hospitals and airports were provided with emergency power.
Increased legal requirements for critical infrastructures
Natural factors and technical deficiencies can never be eliminated completely, but to prevent such a scenario due to hacker attacks, stricter requirements apply to the energy sector by the IT Safety Act. “The cybersecurity demanded according to the ‘state of the art’ requires implementing appropriate measures as an intrinsically motivated process. Also European law also stipulates protection requirements for essential services with the EU NIS Directive. Equally, increased legal requirements to cybersecurity for critical infrastructures such as energy companies apply on international level,” says Dr. med. Dennis-Kenji Kipker, energy law expert at the University of Bremen.
Holistic approach to cybersecurity
Initiatives such as the cyber defense training center, recently opened by the energy company Innogy SE, clarify the increasing importance of the topic for the whole sector. Especially energy providers and network operators need to develop a comprehensive understanding of cybersecurity in the supply network and train their employees as regards IT safety of power infrastructures. This is the basic prerequisite for the modification and advancement of our energy provision and energy supply, especially regarding to renewable energies.
Klaus Mochalski, CEO of Rhebo GmbH with long-standing presence at E-world energy & water, welcomes this approach: “A modern power supply requires a nationwide security concept that completely uncovers manipulation attempts and technical faults within the network control technology before disorders occur.” An integrated, matured defense-in-depth strategy is important here: “Besides trainings under real conditions, network segmentation and perimeter security, continuous network monitoring with anomaly detection is at the focus. The monitoring also detects and reports unknown attack vectors and hidden risks in the network control technology, thus sustainably increase the IT security and supply stability.”
More than technology
Internationally, the sector also agrees that the whole energy system and not just individual elements must be adapted to the new challenges. In his presentation at the Smart Tech Forum at E-world 2019, Yuval Porat, founder and CEO of the Israeli company KAZUAR, also pleaded for a holistic approach in to combating IT security gaps in the power grid. He demanded a paradigm shift. The most sensitive data would have to be even more protected, hardware and software redesigned and finally the human factor more involved. This is the only way to ensure comprehensive protection of critical infrastructure in the future.
E-world 2020 will deal with the question how cybersecurity not only focuses on technology, but also on people and companies. As already in this year, numerous exhibitors from various fields of the sector will present their solutions at their booths and in the lecture program of the trade fair.