Protecting power: why the electricity sector must switch to a cyber-first mindset

Wherever connectivity goes, vulnerability follows. Ahead of his speech at the upcoming Electrify Europe conference, Erik Laykin, Managing Director and Head of Global Data Risk at Duff & Phelps, uses the example of autonomous vehicles to argue that as the power sector becomes more central to our lives, electricity businesses must switch to a cybersecurity-first mindset.

The rise of the automotive industry was one of the most important developments of the last century, but it wasn’t always smooth sailing. Indeed, the sector has been through a number of seismic shifts over the years. And the move towards autonomous vehicles, while tremendously exciting, leaves it facing its biggest challenge since the switch to a safety-first mindset 50 years ago.

From safety to security

Autonomous electric vehicles are not simple machines. They are complex pieces of kit, comprised of a number of sophisticated parts – all of which need to communicate with each other (in many cases wirelessly). The days of simple cogs and pistons are behind us.

All this communication means one thing: connectivity. And where connectivity goes, vulnerability is never far behind. The ubiquity of the internet has led to the rise of a whole range of bad actors using malware and hacking attacks to steal and extort by exploiting any weakness they can find.

And this can include the threat of physical harm. For instance, in the healthcare sector, MRI scanners, medical dispensing systems and even individual pacemakers could theoretically be hijacked for nefarious means, with potentially terrible consequences.

But if autonomous vehicles are hacked, there is potential for harm on a huge scale. And it’s not just the physical threat that we should be wary of.

Consider a situation wherein a newly antagonistic state had manufactured the braking systems for a large number of European vehicles. And as part of this antagonism, a state-backed hacker threatened to switch off these braking systems across the continent. The economic consequences would be massive, as we ceased using our cars for fear of the brakes failing.

In a world where global trading relations are going through a fractious period, this isn’t an entirely unrealistic proposition. This is why the next big switch to the industry will be the move from physical safety to security in all its forms.

The battery’s the bullseye

This move is about more than just auto manufacturers. The power industry will play a critical role.

Why? Because a car’s battery will be the most tempting target for those with ill intentions. Not only is it the very source of propulsion that enables the vehicle to move, but it is also the only component that will be hooked up to, and communicating with, all other parts of the vehicle. This means more opportunities for infection, and a higher likelihood that once in, malware can spread to other parts of the car.

This is a dangerous position for the power sector to find itself in. And protecting itself will require businesses from across the whole electricity value chain to embed security into absolutely everything they do.

This is an unprecedented challenge for the power industry. For years, it has been able to channel electricity in one direction to its consumers. But it is increasingly becoming the platform upon which the rest of society is built. Autonomous vehicles and healthcare applications are just two examples, but the Internet of Things could just as easily be called the Internet of Power, the way in which it intersects with and depends upon the smart grid to fully function.

Creating culture

This new role requires a new culture. A culture which sees everyone, from engineers to executives, looking up beyond mere functionality to ensure that their products and solutions are safe and secure.

It’s not an easy ask. Culture change is tricky at the best of times, but it’s even harder when technology is changing at this pace – and the threats are evolving with it. Regulations aren’t keeping up – making it even more important that companies take matters into their own hands to establish ever-improving minimum standards to ensure that our power platform is protected.

Education and training will be essential to ensuring that throughout each organisation there is a thread of common knowledge and understanding about the nature of the threat, the importance of fighting back, and just how to do it.

But perhaps even more important is to ensure that these organisations are talking to each other – sharing information, insight and ideas from their own unique experiences. Too often those faced with cyberthreats bury their heads in the sand when in fact they should be joining together to tackle the issue head-on.

That’s the thinking behind conference and exhibition events, such as Electrify Europe, which provide a platform for professionals from across the electricity value network to come together and exchange ideas – both through speeches and talks on their plans and ambitions and through showing their latest products off on the exhibition floor.

Because not only is cybersecurity critical to protecting these businesses from harm, but it is fast becoming a means of differentiation and competitive advantage. Just as safety features are an importance thread running through automotive marketing today, we can expect cybersecurity measures to do the same tomorrow.

And so they should. Because autonomous vehicles are just the start. Power is set to be the platform our world is built on. We have to protect it.

This year’s Electrify Europe conference and exhibition will be held in Vienna between 19-21 June 2018.