How to address cybersecurity in an energy sector embracing digital transformation?
However, this digital transformation has also increased the exposure to cyberattacks, resulting in a growing number of cyber threats. According to a Forbes article, there are 1,248 cyberattacks per week for organizations. As companies continue to adopt digital technologies, they must also prioritize robust cybersecurity measures to protect their digital assets and operations.
The landscape of cyber threats is continuously evolving, with cybercriminals constantly innovating and improving their attack methods. This constant innovation poses a significant challenge for businesses, as they must continuously adapt their cybersecurity strategies to stay ahead of these threats, businesses must adopt comprehensive and forward-thinking cybersecurity strategies that address bothtraditional IT systems and operational technology (OT) infrastructure.
In the European context, the Directive on Security of Network and information Systems (NIS 2) plays a crucial role in shaping the cybersecurity landscape for “essential sectors” like energy. This directive sets out measures aimed at achieving a high common level of security across the EU. It requires companies to take appropriate and proportionate technical and organizational measures to manage the risks posed to the security of their network and information systems, and to report significant incidents to the relevant national authority. Compliance with the NIS 2 directive is not just a legal obligation for businesses, but it also serves as a valuable framework for enhancing their cybersecurity posture and resilience against cyber threats. The energy sector, being classified as a“critical sector”, is particularly vulnerable to cyber threats, therefore, the protection of certain facilities and services against these threats is to be strengthened under the NIS 2 directive.
Energy has become a key sector when it comes to cybersecurity.
Among all economic activities, energy is the 4th most affected sector by cyberattacks (with 8.2%of observed attacks), according to the X-Force Threat Intelligence 2022 report. The last few years have seen a significant increase in the number of attacks and according to an associate at Foley Hoag, that trend does not seem to be slowing anytime soon.
And the structural transformation that the sector is undergoing makes cybersecurity even more important. As said during the World Economic Forum, this industry makes a transition “from analogue to digital, from centralised to distributed, and from fossil-based to low-carbon” and these changes must be accompanied by a genuine policy for securing systems and managing cyber risks.
There are parts of the IT system that are being neglected, jeopardising the entire infrastructure security. That is the case with the APIs since more than a third of organizations have not implemented any specific security strategy in this area. According to Gartner, they will become the most common targets of attacks in the coming years, with their role as an entry point placing them at the center of the IT ecosystem.
Some countries like France have understood the importance of securing the critical infrastructures like the energy since 2013 with the Military Programming Law. In August, an update of this law has been voted for the period 2024-2030. The ambition is to have a top-tier cyber resilience to be able to protect the most critical sectors of the country. On the other hand, some countries are criticized for under-investing in cybersecurity. This is the case for Germany, where a lack of involvement in protection has been highlighted by companies. In an article from the Financial Times, the CEO of E.ON, Leonhard Birnbaum, highlighted the fact that the German companies that have been attacked in the last few years have received no form of support or assistance from Berlin, despite the promise to invest in this sector.
Plenty of breaches in the system can now be used for cyberattacks.
The energy sector is continuously targeted by hackers, but some methods are used more often. The most used is the supply chain attack that happens when a threat actor accesses an organization’s network via a third-party vendor or supplier. They can also take advantage of incomplete integration of systems. We see that particularly in the energy sector because an energy actor’s architecture includes OT (Operational Technology) and IT (Information Technology) and in many cases there is a mixture of legacy and modern technology, creating a gap and there by vulnerabilities in the system. Moreover, breaches have appeared in recent years as the energy sector tries to upgrade older and outdated infrastructure to take advantage of emerging technologies. Identity & Access management has become a critical issue in the IT systems of energy actors. It pushes them to improve their Identity Authentication processes to be safer and more secure. In recent years, we have also witnessed a massive increase in mobile device phishing, the number of attacks targeting employees in the energy sector rising by 161% between 2020 and 2021, making energy the most targeted sector.
Cyberattacks can have huge consequences on the company affected by an attack and as well on the final customers. We can take the example of a wind and solar network in Utah in 2019 which experienced a 12-hour loss of connection leading to power outages in nearby homes. The Cyberattackers exploited a vulnerability in unpatched firewalls, causing a denial-of-service for the equipment. More recently, in 2022, the Colorado energy company Delta-Montrose Electric Association had to shut down 90% of its internal controls due to a malware that wiped 25 years of historical data,bringing many issues within the billing system during months. These 2 exampleshighlight only some of the risks of cyberattacks but are enough to show us howdangerous it can be when it happens on a large scale.
There are solutions for the energy sector to tackle these issues.
There are ways to prevent cyberattacks from damaging your IT system as much as possible and these methods cover the entire journey of digitalization.
The first aspect is probably the most important and crucial one because it concerns the way your IT system works. The energy actors need to adopt a composable approach to their security architectures to be “secure by design”. Designed to protect composable business, composable security is an approach where cybersecurity controls are integrated into architectural patterns, and then applied at a modular level in composable technology implementations. Many organisations rely on traditional monolithic systems like ERP to deliver functionalities to the business, which have been designed to address the challenges from the past. To enable an organization to respond to the accelerating pace of business change, it needs to build modular capabilities in their applications. The modular components can interact with each other through well-defined and secured APIs and compose together todeliver business functionality. Composability is an emerging strategy to increase business agility in response to dynamic market conditions.
Another step of your digitalisation journey that can be improved to reinforce the security of your system is the choice of IT partners. As we have already mentioned, cyberattacks coming from a breach in the third-party vendor’s system happen very often and that is the reason why carefully choosing your IT partners is a key element of your cybersecurity strategy. Your integration process with technology suppliers must be clear and well-defined in your IT ecosystem to prevent cyberattacks originating from a lack of security from your IT partner.
Given that a good strategy is to cover all scenarios, you also must be ready for a disaster recovery. This scenario will be addressed by a suitable resilience planning aiming at understanding how to recover and restore operations when there is a major cyberattack, making sure you have that muscle memory of working across the organization to respond and recover promptly in an emergency.
How triPica can help utility companies feeling safe with their meter-to-cash platform
At triPica, our commitment to excellence extends beyond innovation to encompass robust cybersecurity practices. From the inception of triPica, we have diligently implemented key OWASP recommendations, fortifying our platform against potential vulnerabilities. Our dedication to security is evident through regular audits and prestigious certifications such as AWS Well-Architected Review and ISO27001, underscoring our unwavering commitment to delivering a secure solution.
Integral to our security infrastructure is our Security Operations Center (SOC), a cornerstone in achieving ISO 27001 certification. This certification not only signifies compliance but also demonstrates the reliability of the triPica ecosystem. Our proactive approach to security, fortified by the SOC, ensures that our platform adheres to the highest standards, providing clients with peace of mind. As we evolve, our journey towards cybersecurity excellence continues, with a dynamic interplay of industry best practices, cutting-edge technologies, and a relentless pursuit of perfection.
In addition, a fundamental aspect of ensuring the security of the triPica platform lies in the implementation of highly secured interfaces using safe protocols. Our platform operates on a 'zero trust' philosophy, where the exclusive entry points are the API gateways. By default, external accesses are closed, with only authorized ones granted. To enhance precision, we employ the Role-Based Access Control (RBAC) methodology, dictating specific permissions for each user within the triPica platform. Moreover, the security of dialogues between clients and servers is fortified by our stateless APIs, coupled withrobust authentication measures using Json Web Token (JWT). And to prevent our platform from brute force attacks, object unique identifiers (OUID) are cyphered using a session scope key.
At the core of the triPica platform's security measures is a robust monitoring system. Technically overseen around the clock, our solution employs automated thresholds, alarm detection, and meticulous capacity planning. From both a functional and financial standpoint, we ensure transparency through hourly dashboards and employ a robust revenue assurance system to meticulously track every financial transaction within the system. This vigilant monitoring not only guarantees there liability of our platform but also allows us to deliver a resilient and highly available solution to our valued customers, reinforcing our commitment to excellence in every aspect of our service.