It is already clear that the energy industry is undergoing a massive digital transformation. This process is transforming energy generation, transmission, storage, consumption and metering. Energy infrastructures are complex systems that were built many years ago and were not originally interconnected with digital equipment. Intelligent technology is enabling new business models and more effective asset management. However, digitization introduces new challenges. Cyber risks have the potential to affect every operation in the sector, especially with the increased use of connected industrial devices and automated controls.
We spoke with Krasimir Murdzhev about the importance of cybersecurity in the energy sector, including what drives it and what makes the sector vulnerable. He has 30 years of experience in system administration, networking, and cybersecurity and has been the Head of the IT Department at ADD Bulgaria for the past 13 years.
1. What is cybersecurity?
   1.1 Why is cybersecurity so critical?
   1.2 What are the various types of cybersecurity threats?
   1.3 What is cybersecurity in the energy sector?
   1.4 Why is cybersecurity in the energy sector needed?
2. What increases the vulnerability of the energy sector?
   2.1 The breakneck speed with which technological innovation is taking place
   2.2 Cyberattacks are becoming more sophisticated
   2.3 The attractiveness of the sector as a cyber target
3. An integrated approach to security by ADD Bulgaria
4. Characteristics of the systems applied by ADD Bulgaria
5. Where can ADD Bulgaria’s cybersecurity systems be applied?
“To understand the importance of cybersecurity for the energy sector, we must first have a general idea of what cybersecurity really is.
Cybersecurity is the protection of internet-connected systems (hardware, software, and data) from cyber threats. Individuals and businesses use the practice to prevent unauthorized access to data centers and other computerized systems.
A strong cybersecurity strategy can provide a good defense against malicious attacks aimed at accessing, altering, deleting, destroying, or extorting an organization’s or user’s systems and sensitive data. Cybersecurity is also instrumental in preventing attacks that aim to disable or disrupt the operation of a system or device,” said Krasimir Murdzhev.
The number of users, devices, and programs in modern enterprises is rapidly increasing. The flow of data is constantly rising, and the majority of it is sensitive or confidential. The problem is exacerbated by the growing number and sophistication of cyber attackers and attack techniques.
Information and other assets must be protected from cyber threats, which take many forms, including:
- Malware is malicious software that can use any file or program to harm a computer user. Worms, viruses, Trojans, and spyware are examples of this. Another type of malware is ransomware. It involves an attacker encrypting and locking the victim’s computer system files and demanding payment to decrypt and unlock them.
- Social engineering is a type of attack that uses human interaction to trick users into violating security protocols to obtain sensitive information that is normally protected.
- Phishing is a type of social engineering in which fraudulent email or text messages are sent that look as if they came from reputable or well-known sources. The intent of these messages, which are frequently random attacks, is to steal sensitive data, such as credit card or login information.
- Spear phishing is a phishing attack that targets a specific user, organization, or business.
- Insider threats are security breaches or losses caused by humans, such as employees, contractors, or customers. Insider threats can be malicious or careless.
- DDoS (Distributed denial-of-service) attacks involve multiple systems disrupting the traffic of a single targeted system, such as a server, website, or another network resource. Attackers can slow or crash the target by flooding it with messages, connection requests, or packets, preventing legitimate traffic from using it.
- APTs (Advanced persistent threats) are long-term targeted attacks in which an attacker infiltrates a network and remains undetected for extended periods to steal data.
- MitM (Man-in-the-middle) attacks are eavesdropping attacks in which an attacker intercepts and relays messages between two parties who believe they are communicating directly with each other.
“Cybersecurity is a collection of documentation, knowledge, rules, hardware, software, and the relevant organizational units that must integrate and put them into action. The US National Institute of Standards and Technology (NIST), in collaboration with the European Union Agency for Cybersecurity (ENISA), is developing a set of documents that must be implemented to achieve a level of cybersecurity for specific activities. We rely on these documents that are widely recognized and accepted to avoid omissions and mistakes. The security suite used by utility companies is the DLMS one. It is a set of procedures and requirements that must be met by devices in the company’s utility network to avoid security risks,” explained Krasimir Murdzhev, Head of the IT Department at ADD Bulgaria.
Energy infrastructures are complex systems with physical, geographical, logical, technical and finally cyber interdependence with other critical infrastructures, such as transportation, telecommunications, water, agriculture, health, finance, chemical industry, and networks supporting the government, central and territorial entities, emergency services, and military and civil defense. A disruption in the normal operation of critical energy infrastructures can have a negative ripple effect on other infrastructures.
“The energy industry is transforming. On almost every front, major shifts in global supply and demand are creating new opportunities and threats to manage. The industry’s digitalization is also influencing this transition. Intelligent, sophisticated technology, such as artificial intelligence (AI) for control and monitoring systems, is enabling new business models and more efficient asset management. As the energy sector’s digital footprint expands, new synergies are being realized by connecting operational, information technology (IT), and communication systems within organizations and across the energy supply chain. Many government and business priorities revolve around digitalization and the development and transformation of energy supply chains. It is one of the top-ranked uncertainties, according to the Council’s 2019 World Energy Issues Monitor,” explained Krasimir Murdzhev.
He continued: “Responding to the effects of digitalization is intertwined with other issues such as connected infrastructure or the industrial “Internet of Things,” blockchain, data and artificial intelligence, decentralized systems and artificial intelligence (AI), energy efficiency, and cyber threats. Given the critical role it plays in every country’s infrastructure, the transforming energy sector necessitates new, agile risk management approaches to match its evolving risk profile and ensure it remains effective and reliable.”
Cyberattacks are becoming more common, and the energy sector is a popular target for criminals. Energy infrastructures have evolved into highly distributed systems that necessitate proactive security. The three factors that make the energy sector more vulnerable are as follows.
The energy system is already transforming. It is motivated by the need to expand access to safe energy and is made possible by emerging innovative technical solutions. In its most fundamental sense, technological innovation is regarded as a critical enabler of progress. The exponential growth in technological innovations in the energy sector, on the other hand, raises the levels of indiscriminate and targeted cyberattacks. As a result, it is recommended that energy companies develop strategies to address security gaps and improve the security of their digital assets.
It is widely acknowledged that cyberattacks have become more sophisticated over time. These attacks could be carried out by organized crime syndicates, industrial espionage teams, cyber terrorists, or even nation-states. Furthermore, these multi-vector attacks take advantage of unknown and complex vulnerabilities, resulting in massively negative consequences on a large scale. As a result, the increasing sophistication of cyberattacks in the energy sector has the potential to harm a large number of entities spread across large geographic areas.
The energy industry is highly reliant on intellectual property. In other words, it owns a large amount of intellectual property. It’s no secret that intellectual property (IP) is at the heart of many organizations’ competitiveness. Because of this, it is a desirable target for cybercriminals as well as cyber espionage. Cyber espionage against the energy sector may be motivated by political and economic factors, granting the actor access to information that provides a technological advantage, posing a potential threat to energy security.
ADD Bulgaria provides intelligent systems for remote control, metering, and management in the energy and industrial sector. Established in 2006, ADD Bulgaria is one of only a few companies in the world to have implemented a project for the cybersecurity of millions of smart energy meters.
“We have five years of experience integrating security systems and implementing projects from the ground up – connecting the various components of the smart metering system and protecting them with their own security key,” says Krasimir Murdzhev, Head of the IT Department at ADD Bulgaria.
“We have been collaborating with the world’s leading cyber security providers and our last successful cooperation has been with Fornetix, Inc. by creating very good work in a cluster together.”
“The system we have integrated is FIPS (Federal Information Processing Standard Publication) and NIST-certified Key Management Servers, and it can generate over 100 million individual keys dynamically, ensuring that each action is protected by an individual key. We also use widely adopted Microsoft Public Key Infrastructure.”
“ADD Bulgaria has experience in the successful migration of such systems, from one Key Server Solution to another, from a small one to the most advanced one,” Krasimir Murdzhev added.
1. The system is fully completed and operational, but it is also open to changes at the client’s request.
2. The system is available and supports clients in Bulgaria and the EU.
3. The following are the benefits for our customers:
   - Complete integration with the client’s existing PK infrastructure.
   - Using the client’s corporate network’s already established structure and role distribution.
   - Virtualization, with all of the benefits that it entails.
   - The existence of very regular product maintenance.
   - The system has an excellent price/performance ratio.
   - Possibility of advancement.
4. The independent Dutch Cyber Security Agency ENCS (European Network for Cyber Security) has certified and tested electricity meters and data hubs.
Parts of the standards cover several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and system configurations such as programmable logic controllers (PLCs) installed on-site, which are common in industrial sectors and critical infrastructures.
ADD Bulgaria has already successfully integrated its cybersecurity system in utility companies in Bulgaria and the EU. It can be applied with great success and importance in street lighting systems, thus protecting the illumination of cities and preventing accidents. The cybersecurity system is suitable for any kind of vulnerable system or for an organization that simply wants to be proactive and protect itself before an attack actually happens. If you are interested in integrating a cybersecurity system in your utility, you can contact us.