There seem to be two main schools of philosophy in the energy business. One sees energy as a service. The other sees energy as a commodity. “I see energy as a commodity.” Jeroen Scheer looks pensive as he puts this out there, right at the beginning of our interview. Coming as he does from a background in retail, this does not seem surprising – but worth a bit more digging. Even in the light of a massive transformation in the energy sector? With distributed generation, own use, local renewables, and a dozen more disruptive factors? “Even then,” Scheer responds: “We want energy to maintain the characteristics of a commodity, in spite of so many new factors influencing generation and distribution; in other words, while we reverse the entire energy value chain.”
Cybersecurity for the energy sector: Everybody’s war?
Energy networks are becoming increasingly digital and interconnected. The threat of cyber-attack represents a significant risk factor. We travelled to Utrecht in the Netherlands to find out how Dutch energy utility Alliander deals with this risk in its transition to fully digital utility status.
It slowly dawns that there is much more than your average energy philosophy going on here. Jeroen Scheer is CTO of Alliander, a network company based in the Netherlands, responsible for the distribution of electricity, (bio)gas, and heat. A publicly owned utility transitioning to fully digital operation, it manages nearly 125,000 kilometers of grid in six Dutch provinces, including more than a million smart meters. As such, the utility is focused on energy networks – reliably transporting and reselling that energy commodity between an increasingly diverse set of consumers and producers. The obvious question is: how? The answer, it turns out, is technology. Having spent many years applying technology to answer the challenges of systemic efficiency in the retail sector, a career change now has Scheer applying technology to solving the myriad challenges facing the energy sector. He is guiding Alliander towards becoming a true digital utility by taking their conventional grids and making them fully digital.
Smart metering immediately comes to mind, and indeed Alliander is involved in improving the data collection interface between prosumers and the grid. Scheer dislikes the term, however. Metering is metering. “Smart” refers to the intelligent use of the increasingly digital data that meters collect, and that intelligence is not – should not be – resident in the meters themselves, where it can rapidly become dated. “Intelligence should permeate the digital grid, distributed in such a way as to minimize risk and maximize effective management and rapid response,” Scheer notes. It’s an excellent opportunity to steer the conversation towards our core topic – cybersecurity. Does distributed digital intelligence throughout the grid not offer a larger target for cyber attacks? Smart meters have proven notoriously hackable, but the potential harm is limited. Elsewhere – in substations and related SCADA (supervisory control and data acquisition systems) infrastructure – the risk is significantly higher. How risky is all of this?
Scheer admits that the risk is high, but the alternative is simply no longer viable. He insists the risk can be managed with the right mindset, technologies, and awareness. Every technology introduced to safeguard systems brings an additional risk factor, however, and Scheer is not a fan of building castles. Rather, he sees the solution in a universal approach to cybersecurity. It should permeate every aspect of the organization, from management – where cybersecurity can be cast in terms of conventional risk management vocabulary – down to engineers, customer service personnel, and technical staff, where procedures, good practice, solid equipment, and an ingrained security-aware mentality can help avoid risk-inducing elements.
The whole organization – over 7,000 staff members, in the case of Alliander – should become a rapid reaction force to counter cyber risk, according to the company CTO. “We do not need to build castles around everything. Rather, we need a resilient grid, with supportive infrastructure and people that can respond quickly to attacks, problems, and failures, protected by such technology as is needed where it is needed.” This requires an organization schooled in dealing with the risk of cyber-attack at all levels. Management must understand the real-world impact of the risks a digital grid poses, phrasing it in terms conventional energy managers understand – money, downtime, maintenance costs. Investing in resilience makes a great deal of financial sense.
The human threat vector
“The biggest threat is human, not technology,” Scheer explains. Whether it is a lack of understanding at board level, resulting in insufficient attention to and financing for cybersecurity measures – a situation that Scheer says is all too common, but is fortunately not the case within Alliander – or human engineering to get around the protective layers of technology by convincing employees to help attackers gain access to systems: People represent a far more dangerous threat vector than groups of anonymous hackers somewhere in the “dark net”. This includes the uncomfortable specter of direct physical attack.
However, all other parts of the organization must share this threat vector awareness. Engineers must understand and be versed in dealing with failures stemming from both technology and from individuals, through resilience training that includes modeling, practicing, and testing corrective techniques and their application. So, what kind of toolkit is available for dealing with these challenges?
One such instrument is patching, a process in which the software embedded in everything from smart meters to transformers to control centers can be centrally updated to foil potential exploits. It is seen as a key technology in reducing the risk of cyber attacks; however, it also opens a new attack vector in a situation where malignant software (“malware”) is distributed using the patching system, causing widespread damage.
Challenges remain, however, and this is one area where close co-operation with technology partners – notably Siemens, in the case of Alliander – is essential in dealing with some especially tricky situations. Alliander works closely with Siemens to solve a number of very complex challenges in patching substations, for instance. Patching in itself is not a solution, but is part of a total architectural endeavor. Development of such architectural patterns is required due to the long lifetime of such specific OT systems.
“There will always be challenges we cannot solve alone,” Scheer remarks. For situations such as those, strong partnerships with companies that supply the technologies needed to run a grid, like Siemens, will remain vital. But those partnerships are not for the delivery of products or services. Rather, they are based on joint innovation and a shared awareness of the task at hand: developing a safe and resilient grid together.
Exchange with other players in the sector to share the burden of cybersecurity is proving just as valuable. Both Alliander and Siemens are on the board of ENCS (European Network for Cyber Security), a platform that allows players in the European energy sector to share experiences, collaborate on preventative and ameliorative measures, and generally gain a better understanding of both the threat and the prevention of cyberattacks in the energy sector. Alliander participates in a number of such forums, also internationally, convinced of the significant business benefits that this involvement brings. Also notable in this context is ee-ISAC (European Energy – Information Sharing & Analysis Centre), where Alliander and Siemens partner.
Scheer provides a concrete example: In managing its grid, Alliander has implemented online control and management of its network of substations. How does it protect those key components now that they are all centrally connected and controlled? The answer is a combined approach of technology and access management, which forms a security system consisting of seven layers (the same number as is typically used for nuclear reactors) that protect the core control routines of the units themselves.
Those control routines are also imbued with an embedded intelligence of their own. They ensure that commands cannot be accepted that would bring the units into a state outside of accepted operational parameters. Access by Alliander staff to those routines is also strictly limited – “I can’t get anywhere near them, and I’m the CTO!” Scheer laughs – and requires coordinated actions by a precisely defined, limited set of staff members. In the near future, the installations will also communicate amongst themselves to enable a better evaluation of the validity of any commands received.
It certainly sounds like Alliander is well on its way to becoming a digital utility. What remains to be done? Again, it all comes back to an organization-wide mentality of security and resilience, and the technology to implement that resilience at a network level. “We keep pushing towards a better understanding amongst our staff and the industry of what is involved, what the risks are, and how best to combat them,” Scheer says. Alliander wants to offer its clients a broad set of generating and consumption choices without those choices impacting negatively on the risks the supporting grid faces.
It helps to have a board that understands the risks involved in managing a digital energy network and has a high-powered “Digital Champion”. Scheer sees this as a key factor in successfully rolling out countermeasures, which makes it possible to “sell” financing cybersecurity measures as risk management. Add to this a management-driven committee focused on resilience within Alliander, and it becomes clear that a resilient approach to cybersecurity enjoys the highest priority here. If the proof is in the practice, Alliander seems to be on the right track, operating one of the most stable grids in the Netherlands, a market already famed for its grid stability.
Cybersecurity is clearly a rapidly changing battlefield; just as in conventional warfare, it requires continuous vigilance and a variety of responses from a range of specialists. As a tool for warding off attacks on critical infrastructures, it requires awareness and a consolidated response from everybody involved. And as with terrorism and war generally, it is the human element that stands front and center in determining the outcomes. Technology, intelligence, and preparation are the key weapons in our arsenal to safeguard our energy supply – today and tomorrow.