Refocusing Cybersecurity at Utilities
A rapidly changing connectivity model presents new cybersecurity risks and threats for the utility industry. At the same time, distribution systems are becoming more complex.
“New applications from DERs [distributed energy resources] and renewables are coming on the scene,” says Hugh Head, Senior Product Manager of Security and RF Networks at Landis+Gyr. “Applications that consumers are demanding for managing their energy are also coming at utilities.”
It’s a paradigm shift, with distributed intelligence helping manage the transition from a centralized, one-way distribution of energy to a platform that enables two-way power flow and automated control.
The third dimension
The Internet of Things (IoT) has changed the landscape of the energy industry. IP-enabled networks connect the operational technology (OT) side at the utility and the information technology (IT) side. This means a convergence between SCADA, AMI, DA and consumer engagement systems.
“With all of the new IoT devices directly focused on the consumer’s experience with energy, there is now a third dimension added to the situation,” says Head. “Instead of just having to secure OT and IT, the utility now also has to secure the consumer’s interaction with the smart grid. This is a remarkable change that is deeply concerning to some utilities. But thought-leading utilities recognize it as their opportunity to engage consumers now—while they have their attention. The winners are creating robust networks to enable secure IoT applications, including demand response, DER and consumer engagement applications. They can give the consumer useful information along with the power to choose how they buy, produce and use their electricity, gas and water.”
Mitigating the risks inherent in expanding connectivity requires a new level of collaboration between the OT and IT teams at the utility. Until recently, the focus of cybersecurity at utilities has been on the OT side, or preventing physical access to operational infrastructure. “Utilities are now dealing with technologies that are merging IT and OT organizations,” says Head. “So, the OT and IT teams have to talk to each other and find ways to interoperate their technologies while meeting distinct regulatory and IT requirements for their markets. Further, the consumer now may be inside the security perimeter, which the utility traditionally had to itself. And all the while, the utility must also maintain physical and process security.” In other words, physical, process and cyber security must work hand in hand.
And, as federal and regional regulatory authorities hold the energy sector more accountable for implementing security measures, how will utilities find the money for incremental security investments? “They can justify rate cases,” says Head. “Or they can become more efficient by bringing OT and IT together and reduce costs, while also leveraging interoperable and secure technologies to respond to many of those regulatory pressures.”
Landis+Gyr smart grid solutions provide secure interoperability for OT, IT and consumer-driven applications to help both the utility and the consumer manage energy better.