Historically, the energy and utility sector has been conservative, to some extent, while embracing innovation and technology. Due to strong regulations and the need to ensure the safety of critical infrastructure and operational continuity, the industry has been reluctant to take risks. It cannot be denounced though for being lethargic regarding new technology adoption due to long planning processes, making it challenging for governing bodies to put their trust in technologies that will go a long way forward. Initially, IT and OT networks used to operate individually. The utility industry has counted on IT to drive automation in business functions such as customer service and accounting, whereas OT has been targeted for managing power grid operations such as the supply of electricity and management of critical energy infrastructure. However, the demands for modernisation have made digital transformation essential and also obscured the borders between IT and OT. With the bridging of IT and OT networks, a new set of opportunities has been created to enhance operational efficiency, meet customer needs and be in sync with the digital transformation. This amalgamation has enabled the sector to drive data consistency and management, which, in turn, has boosted productivity and other efficiencies such as service assurance, service fulfilment, and network management.
Along with optimisation and operational efficiency, this integration has also exposed the OT world to cyberthreats. The communication channel between the IT and OT worlds has opened up vulnerabilities that can be exploited by cybercriminals. Since the OT environment has a lot of outdated infrastructure and is also short on strong security measures, we have started seeing an increase in cyberattacks on critical infrastructure.
Strengthening the cybersecurity of smart grids
The Indian power sector has increased substantially, from a very small capacity of 1,362 MW at the time of Independence to 373.03 GW as of September 2020. However, the industry has been struggling with a shortage of capacity and high transmission and distribution losses. The government has initiated several structural and regulatory amendments to address the issues in the power sector. The introduction of smart grids represents one such pragmatic solution. They can help monitor grid conditions and energy consumption and generation, as well as automate many grid operations. Since electricity grids are becoming smart, the potential consequences of a cyberattack have also become more acute than ever before. Being a crucial national infrastructure, it is important that the cybersecurity strategy of smart grids is effective enough to address threats that could arise from different adversaries and manage the vulnerabilities that occur as a result of natural calamities, human error and hardware/software failures.
As per the NISTIR 7628 report, the smart grid cyber strategy should focus on prevention, detection, response and recovery processes in order to confront both current and possible threats. An effective cybersecurity strategy must include strong policies and control frameworks, a well-defined risk assessment and impact analysis framework, segregation and protection of sensitive data, secured communication channels within smart grids, security awareness and training programmes, and a well-defined incident response plan. The security of smart grids should be considered as a proactive measure to prevent it from becoming a new attack vector for cybercriminals.
Growing cyber disruptions
Traditionally, the power industry had counted on human-based grid management, centralised generation and control, and uni-directional power and information flow. And now, when it has embraced sensors and information and communication technologies, the likelihood of cyberthreats has increased manyfold. The industry experiences a myriad of cyberattacks, affecting corporate systems, and resulting in financial and reputational damage, and a huge impact on industrial control systems. This can further result in blackouts, interruptions to operations, and resource failures.
Phishing, internal threats, credential theft, denial of services, etc. are some of the most common and prevalent threats in the power and utility industry. But there has also been an increasing trend in nation-state actors and organised crime. Threat actors have started utilising sophisticated tools and malware strains to penetrate and compromise critical infrastructure. Over the past few years, supply chain risk has surfaced as a growing concern for the power sector. Grid modernisation, digitalisation and decentralisation are some of the factors that have contributed to the growing number of attack surfaces and potential vulnerabilities in electricity grids.
The industry needs to adopt a structured approach aimed at improving security-related information sharing and decision-making across all business units. Organisations must consider future-oriented, industry-wide practices to proactively tackle complex threats to grid security.