The power grid is becoming increasingly complex due to the integration of municipal utilities, renewable energy resources, new substations and millions of smart grid edges like smart meters and EV-charging stations. The majority of this electric infrastructure is located far away from the central control room. Therefore, control is increasingly carried out digitally via remote access. To secure these peripheral systems, distribution and transmission system operators often rely exclusively on firewalls. These might reliably detect known malware. However, with several hundred of thousands of new malware variants each day, cybersecurity limited to identifying known signatures becomes highly unreliable.
The NIS2 directive requires owners and operators of electric and multi-utilities to include their OT networks in risk management procedures and risk analysis. The target is to determine the risk exposure of their critical processes and define appropriate mitigation measures. And this is for good reason, as the results of our vulnerability assessments at IOUs, municipal as well as public utilities highlight.
Energy companies are under pressure from all sides when it comes to the cyber security of their critical infrastructure. The spiraling skills gap is set against an increasingly dynamic risk landscape and more far-reaching legislation. Nevertheless, companies must quickly find ways to set up their own operational technology (OT) security expertise.
In the latest episode of the 'OT Security Made Simple podcast' , Klaus Mochalski, founder and CEO of Rhebo, sits down with Todd Wiedman, Chief Security Officer of Landis+Gyr, to cover a range of topics, shedding light on the evolving challenges and solutions within the realm of AMI security.
The IEC 62443 family of standards is an old acquaintance to most security managers for industrial systems. For more than ten years, it has been considered THE standard for industrial cybersecurity. It also serves as a "horizontal standard" offering a sector-agnostic baseline for industrial cybersecurity, upon which sector-specific requirements, e.g. for the energy sector, could be added by industry experts. In this blog we explore its implications for the energy sector.
The utility industry is facing new and evolving security threats in the modern era of operational technology (OT) and information technology (IT) convergence. Geopolitical turmoil and changes in the workforce have further complicated the security landscape for utilities. As a result, it is becoming increasingly important to secure advanced metering infrastructure (AMI) systems.
