The convergence of information and communication technologies (ICT) and operational technologies in smart grids is a double-edged sword. On the one hand, ICT makes it possible to significantly improve grid reliability, security, and efficiency by facilitating information exchange, managing distributed generation and storage sources, while also enabling active participation of the end consumer. On the other hand, attackers can exploit the vulnerabilities of communication systems for financial or political gain.
In its working paper "Critical Vulnerability in Log4j - Detection and Response", the German Federal Office for Information Security (BSI) underlines the persistent and complex danger of the Log4Shell vulnerability in industrial networks as well. Patching the vulnerability in the short to medium term is considered unrealistic for many companies. For this reason, the BSI recommends continuous monitoring and analysis of network communication via anomaly detection in addition to rule-based query analysis. Industrial anomaly detection solutions, as offered by Rhebo, a Landis+Gyr Company, enable companies to detect on compromises that have already occurred, active exploits and other malicious activities in the operational technology (OT) and industrial control systems (ICS) at an early stage. The vulnerability, documented as CVE-2021-44228, allows attackers to execute arbitrary code on systems using the widespread Log4j library without authentication.
The digitalization of the energy industry has led to a convergence of operational and informational technologies across metering infrastructures worldwide. This OT/IT convergence brings with it all the benefits of the connected, IoT era such as personal energy management insights, automated energy management and grid transparency. However it has also resulted in increasingly complex OT/IT ecosystems creating with new areas of vulnerability and increasing exposure to attacks.
Increasing amounts of data, interconnected utility infrastructures, regulation and a general awareness of security and privacy issues raise the pressure also on smart metering security. E360 is our response to the most stringent security requirements.
The Internet of Things (IoT) opens the gate for endless opportunities in the energy sector. Unfortunately, such diverse opportunities can arouse another type of energy: the malicious one. The threat of unanticipated security breaches is not only about loss of income or reduced customer satisfaction, but finally about consumer privacy and ultimately about electricity network stability.
Cyber security is widely discussed in the energy sector, but until now it has been rather unclear in many energy utilities how to start developing it in concrete business terms. This summer, two announcements in the EU provide guidance from the regulatory side and support in defining the direction of the next steps. For the daily management of information security, industry standards provide a practical framework.
