Cyber-crime is smarter than energy

With the proliferation of smart grids, smart meters, “digital coal mine” and “digital oil fields,” the global energy sector is becoming increasingly interconnected, automated and digitalised.

Cybersecurity has become a critical strategic priority to succeed in the digital transformation of the energy sector. Technological innovation improves efficiency, but it also makes the energy sector more vulnerable to cyber-attacks. Soon, Artificial Intelligence –AI will be the cutting edge of cybersecurity not only to detect but also to fight back against the attacks.

Thirty years ago, the world’s first cyber attack paved the way to modern cybersecurity challenges. In November 1988, Robert Tappan Morris –graduated at Harvard, with Ph.D. in computer science at Cornell University- wanted to know how big the internet was and how many devices were connected to it. So he wrote a program, launched from computer to computer, asking each machine to send a signal back to a server, just to keep count.

That program became the first of a particular type of cyber attack called “distributed denial of service, DDoS,” in which large numbers of Internet-connected devices are asked to address a lot of traffic towards one specific address, overloading it so much that the system shuts down and its network connections are completely blocked. In an era with few protective software installed, the Morris worm spread quickly. It took 72 hours for researchers at Purdue and Berkeley to halt the virus. It infected tens of thousands of systems – about 10 percent of the computers on the internet. The power industry is now entering a new age, the digital transformation age in the energy sector, which looks increasingly in danger of new “energy worms.”

The ways we generate and use energy are changing, so that power systems are evolving and digital and software-based technologies are becoming central to keep the electric grid balanced and to enable connectivity and controllability, creating an “intelligent Internet of Energy.”

Digitalisation is set to make energy systems more connected, intelligent, efficient, reliable and sustainable. Data is the new raw material of the power sector that can enforce a quicker access to pieces of information and also enable a faster decision-making process to optimize power systems exploitation. Data are growing at an exponential rate – internet traffic has tripled in only the past five years and around 90% of the data in the world today have been created in the last two years.

Christoph Frei, Secretary General of the World Energy Council, said: “What makes cyber threats so dangerous is that they can go unnoticed until the full extent of the damage surfaces, from stolen data and power outages to destruction of physical assets and great financial loss. Over the coming years, we expect cyber risks to increase further and change the way we think about integrated infrastructure and supply chain management.”

The electricity sector is the heart of digital transformation.

Traditionally, electricity is generated in large power plants, distributed through transmission and distribution networks and flowing one-way to end users in the residential, commercial, industrial and transport sectors. These nuclear, coal, or oil centralised plants are particularly at risk due to the “domino effect.”

Nowadays, energy flows are multi-directional, distributed in intermittent renewable plants and linked to individual energy-production or consuming units– ranging from electric vehicles (EVs) to wind farms and rooftop solar systems. Government policies will play a vital role in helping to set up a more secure, more sustainable, and smarter energy future.

Is digitalisation making the energy system more vulnerable?
To date, the breakages caused to energy systems by cyber-attacks have been relatively few. However, cyber-attacks are becoming more accessible and cheaper, as the digitalized devices are catching on.

The growth of the Internet of Things (IoT) is increasing the potential “cyber-attack action-range” in energy systems and as a consequence “digital resilience” needs to be included in technology research and development efforts as well as into policy strategy and markets.

What does it mean to be security resilient?
Digital energy security is ensured by a system both flexible and stable. To date, the U.S. National Institute of Standards and Technology (NIST) has identified around 60,000 cyber-vulnerabilities. New threats are discovered every day.

A recent report published by the World Energy Council reveals that oil and gas industries alone spend nearly USD 1.9 billion a year on cybersecurity. The number of connected IoT devices has to grow from 8.4 billion in 2017 to over 20 billion by 2020. Globally, the cost of a cybercrime “to be done” will reach 2 trillion US$ by the end of 2019.

How digitalisation impacts the energy sectors?
Global investment in digital electricity devices, infrastructures and software has grown by over 20% annually since 2014. The most revolutionary changes from digitalisation could be seen in road transport. Automated, Connected, Electric and Shared (ACES) mobility will play a key role in our future, reducing road’s energy use by 20-25%.

Electricity use in buildings is also set to nearly double its figures – from 11 petawatt hours (PWh) in 2014 to around 20 PWh in 2040. Cumulative energy savings over the period to 2040 would amount to 65 PWh – equal to the total final energy consumed in non-OECD countries in 2015.

Digital technologies have also had an impact in the manufacturing industry. Technologies such as industrial robots and 3D printing are becoming standard practice in specific industrial applications. Deployment of industrial robots is expected to continue to grow rapidly, with the total number of robots rising from around 1.6 million units at the end of 2015 to just under 2.6 million at the end of 2019.

Digital technologies are being used throughout the coal supply chain to reduce production and maintenance costs and enhance workers’ safety. Examples include automated systems, robotic mining, remote mining, and the use of global positioning system (GPS) and geographic information system (GIS) tools.

In the long term, one of the most important potential benefits of digitalisation in the power sector is the possibility of extending the operational lifetime of power plants and network components, improving maintenance. The digital world is made for and by a digital brain.

Can cyber-security be smarter than the digital brain?
Cyber resilience in the energy industry is not an option. It is not just about preventing and minimizing risk; it is about delivering a higher quality product and more reliable service. The energy sector is evolving rapidily, and its cybersecurity has to grow at the same speed.

More and more companies are turning to cyber Artificial Intelligence. By deploying AI solutions across energy networks, it is possible to detect and defeat an attack before it becomes serious. There are no alternatives.

A very high amount of data signals a less resilient energy sector. A loss of information is a concern, but an electrical failure can be a disaster for the society. Energy companies are already aware of that. Shortly all of us will be aware too.

Eusebio Loria