Protecting against cybersecurity risks in IoT-enabled electrical systems

Credit to Author: Adam Gauci| Date: Thu, 03 Oct 2019 12:00:13 +0000

This two-post blog series looks at the drivers for electrical system cybersecurity, as well as how the IEC 62443 standard is helping simplify the definition of cybersecurity requirements.

The Internet-of-Things (IoT) is helping many businesses maintain their competitive edge, with 94% reporting they are already seeing a return on their IoT investments. More and more business infrastructures are becoming digitized, including electrical power distribution systems. Smart meters, circuit breakers, and other devices are growing in intelligence and connecting to powerful analytic applications.

Whether hosted in the cloud or onsite at the ‘edge’ of a power distribution system, IoT-enabled applications are helping facility and finance teams reach deeper into their electrical systems to gain the insights needed to achieve a new range of operational benefits:

  • Improving safety. Continuous thermal monitoring is providing early detection of conditions that can cause fires.
  • Improving power and energy performance. Analyzing consumption is helping reveal inefficiencies and cut costs. Analyzing power conditions is helping reduce downtime, isolate problems and restore power faster.
  • Improving asset performance. Real-time visibility of the health of circuit breakers and other critical assets enables predictive maintenance, which helps avoid risks, extend equipment life, and save money.
  • Maintaining compliance and achieving sustainability. Affordable IoT-based energy metering is simplifying emissions compliance reporting, supporting energy management best practices such as the ISO 50001 standard, and achieve green building certifications.

The digitization of electrical systems is an important part of improving and maintaining operational performance. However, like IT systems, operational technology (OT) is becoming more and more exposed to the risk of cyberattacks. Massive disruption and costs can be the result, as illustrated by the 2019 ransomware attack on Norsk Hydro, which has suffered over $40 million in losses.

It is imperative that all organizations develop a comprehensive cybersecurity management strategy for their facility electrical systems. The IEC 62443 provides a framework to simplify this process. Before we look closer at the standard, let’s look at the potential consequences of a cyberattack on an electrical infrastructure.

Impacts of an electrical system cyberattack

While a cyberattack on an IT system can risk the loss of data and intellectual property, an attack on an electrical system can have severe impacts on business operations and safety:

  • Data breach – The attacker may obtain competitive data like load profiles or server usage.
  • Equipment malfunction – This can be a safety risk to employees or the public.
  • Power outage – Can cause massive losses or, in the case of a hospital, put lives at risk if backup power systems fail.

In terms of disruption, the level of financial loss will vary depending on the organization. Studies have shown a telecommunications operation can typically lose €30 thousand per minute, a financial trading floor can lose €6 million per hour, and an offshore oil platform can lose €30 million per day.

A growing attack surface

As the number of IoT connected devices grows, they have become a more attractive target for criminals. Kaspersky Labs reported that IoT devices were attacked with malware three times more in 2018 than they were in 2017.

In addition, the continuing convergence of IT and OT networks is increasing the attack surface for cyberattacks. A single insecurity in one network can lead to the breach of another. Examples including the 2017 attack on a university IT network that came through a botnet attack on vending machines, and the famous 2013 attack on retailer Target that came through the HVAC system and ultimately caused losses of $290 million.

We can easily imagine a reverse situation where an attack on an IT system might lead to an attack on a connected electrical system, causing a power failure or serious safety risks.

In my next post, we’ll look at how the IEC 62443 standard helps define the appropriate level of cybersecurity for an electrical infrastructure. To learn more, download the white paper “Understanding cybersecurity for IoT-enabled electrical distribution systems. ” Schneider Electric has adopted the IEC 62443 standard as well as following extensive cybersecurity best practices throughout product and solution development, engineering, and service delivery. Discover more about our cybersecurity solutions.

The post Protecting against cybersecurity risks in IoT-enabled electrical systems appeared first on Schneider Electric Blog.

http://blog.schneider-electric.com/feed/