The energy industry is going through some momentous changes, including a process of rapid digitalisation reflected in the growing number of devices on the ‘smart grid’ and an increase in the number of ‘prosumers’ able to import and export their own electricity to the grid.
Digitisation brings huge benefits but also can present risks to our infrastructure, not just in relation to information technology (such as data protection, firewalls and email monitoring) but also operational technology (OT) – the hardware used to generate our electricity.
The complexity of managing power systems provides a number of challenges for the energy industry and its operators as the supply chain becomes ever more reliant upon IT systems to operate.
One standout challenge is where electricity generators are working with legacy systems which do not match the latest manufactured security products. Updating an out of date industrial control, OT system, with its lack of interactivity means updates can take months to implement. Some energy companies turn to patching their IT systems but this has not always proved to be reliable, so opportunities for security threats remain.
So how does the energy industry employ operational resilience to approach these challenges and protect itself against attack?
Energy UK is bringing the necessary stakeholders together to ensure a more joined up approach to cyber security in the energy industry:
In the next decade, the energy industry is going to see traditional market models being superseded by reformed market regimes based on masses of data and technologies such as blockchain. Whilst these present exciting opportunities to improve services, becoming cyber resilient is a necessary accompanying step so that as the UK energy market becomes more digitally focused, connected products and services are secure for generators and consumers alike.