Cyber Securities

Home>Topics>Cyber Securities
Refine Results
  1. All
  2. Articles
  3. Online Articles
  4. Magazine Articles
  5. Videos
  1. Q&A: Aurelio Blanquet, Director at EDP Distribucao

    Aurelio Blanquet, Director at EDP Distribucao talks smart grid cybersecurity and why his company has joined ENCS. EDP Distribuição is the electricity distribution company of Energias de Portugal, one of Europe’s largest electricity operators, owning and operating approximately 99 per cent of the electricity distribution network in mainland Portugal. Recently, the company became the newest member of the European Network for Cyber Security (ENCS) – a non-profit industry organisation for improving cybersecurity in European critical infrastructure, focusing on energy grids.   Why is cybersecurity so important to the smart grid ? AB: The smart grid offers a host of advantages to both consumers and Utilities, but whenever you connect things to a network that weren’t connected before, you introduce new risks. We need to make sure the electric grid is cyber secure and that consumers and their data are protected. The future is going to be digital, so cybersecurity has to be a strategic priority for all stakeholders in the sector – utilities, manufacturers, government, academia and any active energy sector players. If cybersecurity is seen as an afterthought, then that opens the door to some big problems.   How advanced is the Portuguese smart grid? AB: In Portugal, we’ve been working and evolving the smart grid since 2005/6 with the Inovgrid project. It was quite an ambitious project from the start - it was never just a smart metering project; we looked at the whole smart grid value chain - renewables, electric vehicles, consumers producing their own energy, and the challenges to transform a network system operator into an active distribution system manager. And we did it through a customer centric strategy, empowering people to make their own decisions about their energy usage. The approach was very well perceived at the European level - it won several awards and has been highlighted as a reference project by the Joint Research Centre (JRC). An initial pilot project in Évora reached 30,000 customers, and seven more recent projects have involved around 100,000 customers. So Portugal has advanced quite far in terms of smart grid and smart cities, with the unique aspect that the Portuguese roadmap is an industry-led approach supported by the regulator and government, but without a specific political mandate driving it forward – and as EDP Distribuição is driving the initiative, it brings even more responsibility regarding the potential risks and adversities related to its implementation, as in cybersecurity. There weren’t any standards or guidelines handed down to us. So, we’ve spent a lot of time working on the cybersecurity challenges with other industry players, the government and academia both in Portugal and across Europe.   And what about cybersecurity? Has security been a priority from the beginning? AB: Yes, for EDP Distribuição, an end-to-end cybersecurity strategy has been a key concern even before the start of the Inovgrid project. About ten years ago at EDP Distribuição, as we looked to rationalize and optimize our own operations, we realized that we’d have to look for a strategy more leveraged in outsourcing. And as our OT (Operation Technology) was becoming more exposed, and our processes and technologies more complex, we acknowledged that we had to look closely at cybersecurity and data privacy. We did a lot of work identifying our main vulnerabilities and risks, and its corresponding controls, and we launched a portfolio of projects to address them in order to improve the overall security of our critical information infrastructure and adapt to the new threat landscape. We started increasing our visibility over cyber activities in our systems, managing access and privileges, applying network segregating and system hardening techniques. At the same time, energy grid cybersecurity started to feature quite prominently on the EU’s agenda, and a number of pan-European discussions and projects began to emerge. It was by that time we first started talking to ENCS. We were looking for forums and trusted communities to learn how to be more effective cyber protecting our critical infrastructure.   When did you first work with ENCS? AB: We first started working with ENCS around 2011, so it’s been five years now. We worked on a few different projects, including having ENCS training on cybersecurity in their offices in the Netherlands, using the red/blue teams (hackers V.s. Company) roleplay model (which really helped us to better understand how cybersecurity works and how the “game” is played.   Why did you decide to join ENCS as a full member? And why now? AB We’ve seen the value of collaboration; of working with the wider European industry, governments and academia. Hackers work in teams - they’re very cooperative, coordinated and often well-funded. They share their knowledge and expertise, so to defend ourselves and our customers as an industry, so should we. Having worked with ENCS and seen the value they may add, it made sense to join as a full member now and explore the advantages of this partnership. Internally, it has helped us to increase our cybersecurity awareness, putting it on the board level agenda. On a broader level, it allowed us to fully access that network, its centre of expertize and benefit from that collaboration. By being members, it also means we can contribute with our own experience and expertise, and have a say in decisions over what the network does next, and what type of research is funded. Specifically, we’re working on a rather ambitious smart grid infrastructure security project, and we realized we wanted to be fully plugged into this expertise for it. ENCS assures a professional and comprehensive approach for the identification and remediation of our main threats and vulnerabilities.   What does your ENCS membership mean for your customers? AB: Simply put, it can give them an extra confidence and assurance that we are working to keep them and their data safe; working collaboratively with the European community for a more cyber secure energy sector, keeping consumers, their data and the electric distribution grid protected - these things are too important and the stakes are too high. Therefore, as an industry we cannot afford to make the same mistakes twice; if a utility or DSO (Distribution System Operator) discovers a vulnerability that can be exploited by attackers, it can’t keep it to itself and wait for others to figure it out on their own. We need fast and effective information sharing and cooperation since a wait and see strategy is not an option. The hackers will share information so we have to it as well. Our membership with ENCS demonstrates how we are keen and motivated to working together with the industry, and that we can’t treat cybersecurity as an area of competitive advantage where we work against each other. As businesses we’ll do better learning from each other, and consumers will be safer too.   Is there another sector you think the smart grid can learn from in terms of cybersecurity? AB: In an increasingly connected world, I think it’s essential we all work with each other. A particular industry I think we can learn from though is the telecommunications sector. Firstly, because we’re mutually dependent on one another (they need energy to operate, and we need telecommunications), but also because they’ve been confronted with a lot of the same challenges in the past. Telecommunications got smarter earlier than the energy grid. In telecommunications, there has already been a huge shift from analogue to digital grids, and they’ve dealt with all the processes of service providers tendering for manufacturing contracts and having to figure out how to build in cybersecurity. These are all challenges we’re facing now, and although there are some obvious differences, I believe we have a lot to learn.   What’s next for EDP Distribução, ENCS and cybersecurity? AB: At the moment, we’re still in the midst of a large scale smart meter infrastructure security project where ENCS is contributing with all its expertise. And as the smart grid is still a work in progress, there’s still a lot to be done to ensure that we are addressing the main cyber challenges of our evolving digitalisation process. More generally, there is also much to learn from and contribute to in terms of the wider cybersecurity conversation in Europe. We look forward to doing so as an active full member of ENCS.

    Online Articles

    Online Articles

    Wed, 11 Jan 2017

  2. Utility Company: US states, leery of Russia malware, re-examine cybersecurity

    Several states around the country on Saturday asked cybersecurity experts to re-examine state and utility networks after a Vermont utility's laptop was found to contain malware U.S. officials say is linked to Russian hackers.

    Online Articles

    Online Articles

    Wed, 4 Jan 2017

  3. Honeywell and Aereon to leverage Industrial Internet of Things for oil and gas

    Honeywell and Aereon will collaborate on solutions to help oil and gas customers boost the safety, efficiency and reliability of their operations by leveraging Honeywell's IIoT ecosystem.

    Online Articles

    Online Articles

    Thu, 12 Jan 2017

  4. New Cybersecurity Jobs Index From ISACA Shows Skills Gap Is Growing

    ISACA’s Cybersecurity Jobs Index is a new at-a-glance summary of key statistics and insights on the state of cybersecurity jobs and the growing gap between supply and demand. The job index shows that here has been a nearly 10-point jump in the past year among security pros who say that fewer than ...

    Online Articles

    Online Articles

    Fri, 14 Oct 2016

  1. FERC cybersecurity safeguards pass muster with OIG

    Online Articles

    Online Articles

    Mon, 14 Nov 2016

  2. Safety products: Cyber security solution for utility operational networks

    Safety equipment: RAD and Check Point introduced end-to-end cyber security solution for utility operational networks.

    Online Articles

    Online Articles

    Mon, 9 May 2016

  3. Pan-industry JIP assesses cyber security risks

    Platform operators need confidence that countermeasures can deal with bigger and more sophisticated cyber-attacks, claims DNV GL.

    Online Articles

    Online Articles

    Thu, 29 Sep 2016

  4. Siemens Opens Cyber Security Centers in US & Europe

    Siemens (NYSE: SI) opened its Cyber Security Operation Center in Europe and the U.S. to protect industrial facilities worldwide.

    Online Articles

    Online Articles

    Thu, 17 Mar 2016

  5. More POWER-GEN 2016 Industry Announcements for Tuesday

    Announcements from a variety of industry leaders, made here at POWER-GEN.

    Online Articles

    Online Articles

    Mon, 12 Dec 2016

  6. Nuclear Power: UN: Threat of a hacking attack on nuclear plants is growing

    The "nightmare scenario" is rising for a hacking attack on a nuclear power plant's computer system that causes the uncontrolled release of radiation, the United Nations' deputy chief warned Thursday.

    Online Articles

    Online Articles

    Sat, 17 Dec 2016

  7. Power management: Meter with cybersecurity protection upgrades for utilities, end-users

    Energy management: Schneider Electric introduces PowerLogic ION 8640 meter with significant cybersecurity protection upgrades for utilities and end-users.

    Online Articles

    Online Articles

    Thu, 18 Jun 2015

  8. Cybersecurity and hydropower: Speaker lineup announced for free webcast

    Four authoritative speakers are preparing to address the topic of cybersecurity at hydro facilities during a free editorial webcast that will take place on April 22.

    Online Articles

    Online Articles

    Tue, 14 Apr 2015

Get More Results