Should the Energy Production Industry Consider Cybersecurity?

Security measures for energy production plants were formerly focused on the physical security of the plant, including considerations for the perimeter and reliable procedures. Years ago, cybersecurity was not considered so vital because energy production plants were based on SCADA systems that were closed off and ran on proprietary protocols. But are these systems still safe today?

The Stuxnet worm demonstrated in 2010 that even if a system is protected and cannot be accessed by external attackers, it can be hacked. This type of attachment at the programmable logic controller of the SCADA cannot likely be replicated for this peculiar case, though everyone remembers this event as a milestone. After 2010, the entire world was made aware that SCADA systems can be attacked and, thus, must be protected.

On the other hand, is it really true that SCADA systems are so closed that they cannot be accessed by external forces? The reality is that SCADA systems originally used proprietary interfaces that were not always very user-friendly. In order to improve the user experience, SCADA systems are now often interfaced with a standard user’s interface. Also, in order to reduce the costs of management, standard marketplace protocols are used. Therefore, SCADA systems may be closed, but they are based on elements that can be affected by cybercrime.

Grid introduction in the production of energy and the usage of digital metering systems for an intelligent utilization of the energy implies that the production plant cannot be included within a perimeter.

Industrial processes are now strongly based on IT. To create a problem for an enterprise focused on producing energy, it is not necessary to compromise the SCADA systems, but it could be enough to attack the customer relationship management system. In fact, how many days could an enterprise survive without receiving money from clients or without paying providers and employees?

Therefore, protecting an energy production plant is strongly connected to cybersecurity. There needs to be a holistic approach to protecting the enterprise. Rather than just focusing on protecting the infrastructure, data or application, all elements necessary to provide service should be protected.

Share this Article:
Domenico Raguseo

Technical Sales and Solutions Leader in Europe, IBM Security

Domenico Raguseo is currently Manager of Technical Sales in Europe for the Security Systems Division. He has over 15 years of management experience in different areas. Domenico also cooperates with several Universities by teaching Service Management, Cloud Computing. Since 2010 Domenico is member of Educational Scientific Council for the Master in IT Governance at the University of Rome La Sapienza (http://w3.uniroma1.it/mastersicurezza/index.php/master-itgov/direzione). Domenico got in IBM a certification as IBM Master Inventor for the multiple patents and publications in several disciplines (Business Processes, ROI, Messages and Collaborations, Networking). Finally, he is speaker on Information Security Management, Service Management, Cloud computing, Energy Optimization and Smarter Planet in several national and international events.