There are many new factors now influencing the risk to energy information. Insert the Internet of Things, Wi-FI, access points and networked-based status market, and, for the most part, the risk and threats can come from anywhere. In the energy industry, as more and more access points become available, anyone from a rogue employee to foreign countries looking to cripple the U.S. grid is seen as a potential attacker.
But energy companies in the past didn’t always have the level of access exposed as they do now. Traditionally, protection of customer information was the paramount concern from a traditional privacy perspective. For example, in the areas of oil and gas or exploration, keeping exploration data secure--including the reason for exploring and what type of data was being extracted--was essential only from a competitive standpoint. The same held true, from a production standpoint, at a refinery, in terms of keeping information private (such as a view of production results that might provide insight on availability or demand), as well as at a utility, in terms of transformers, switches or any type of meter (such as water, gas or electric).
Energy Information Today
Today, any point on the network in any energy discipline can provide status wirelessly or remotely. Further, any type of meter is now able to wirelessly report any number of parameters of usage. Transformers and substations are now able to provide system status and equipment control remotely for centralized system management.
This increased ability to manage and monitor remotely is enabled through computer networks connecting and enabling the management of these devices, and greatly increases businesses efficiency. However, the use of networking technology connecting these devices introduces the ability to hack and attack any component on the network.
Energy devices on the network now look like any other node on a traditional network, which introduces the ability for cyber-attacks. These attacks are especially dangerous in the energy and utilities industry since the risk is not just the theft of information, but also the potential for hackers to remotely shut down a refinery, substation or someone’s water, gas or electric. This puts national security, a community or an individual in grave danger. Imagine a refinery unable to produce petroleum products for transportation; sections of the country not able to get to stores or banks; or a person dependent on a respirator now without electricity.
As mentioned above, in the past energy companies also did not have to worry about technologies such as the Internet of Things, Wi-Fi, access points and networked based status. All of the equipment was checked by hand, visually or by point-to-point access without a network. The changes that the energy and utilities industry is facing today has also been accelerated with the government funding during the economic downturn. The money for modernization as well as the “use it or lose it” pressure forced the energy and utility industry to introduce technologies to their systems before they were completely ready to understand them and manage them.
Today, energy information is not just about managing customer accounts anymore; it is all data and connectivity enabling the excellent control of our energy devices, in addition to the information obtained from these devices--simultaneously opening up that information and control to cyber-attacks.
Challenges in Securing Access Points
Energy and utilities face a multifaceted security challenge. The industry must secure customer, exploration, refinery and business operation data, as well as general access and identity management. The largest challenge now becomes the non-traditional equipment that is being used today by the energy and utility industry.
Technologies such as mobile units, including phones and tablets, are introducing increased access points to cyber-attacks. In addition, more and more control points are wireless or are connected to a mobile application or other access points to the Internet.
Another access point for cyber-attacks is self-generation or consumer-generated energy. As electric and hybrid cars continue to proliferate, these technologies provide power back to the grid, provide storage and simultaneously provide information to the utility, creating yet another access point for cyber-attack.
The Future of a Secure Energy Sector
In essence, it may seem that the energy and utilities market as a whole is behind in implementing a data security strategy. But, by employing state-of-the-art technologies in practice by industries familiar with these types of access points, such as financial or healthcare, the sector can catch up. Utilizing industry, third-party, and vendor products and resources will get the energy and utility industry there faster.
For a deeper look into data protection and compliance in the energy market, as well the other vertical markets, download our free white paper here: Data Protection and Compliance Considerations for Solution Providers..