Energy & nuclear energy
Three very different areas need to be protected against cyber-attacks: power generation, transmission and distribution. In fact, end-user devices can now often be vulnerable as well, since the smallest household appliances can be connected to the Internet. Attacks can have extremely dangerous physical consequences: blocking access to the network, corrupting or destroying devices. In addition, such attacks have demonstrably evolved over the last 6 years. Around 2015 they were only creating disruption, inhabiting recovery. Later attacks even enabled physical damage, but now with widespread prepositioning may result in unknown consequences.
Difficulties raised by digitalisation
Challenges
Huge and heterogeneous network
A wide range of technologies is used in energy sector, and any network's security posture is only as good as its weakest links'. A solution that fails to extend cyber defense to the smallest parts of the system will be compromised. These infrastructures were built a long time ago ang even though they are maintained and updated from time to time, many parts were designed to be time-resistant. It is a true challange to maintain a timeless yet secure network in this industry. At the same time, cyber attacks against such infrastructures have increased in recent years, as a consequence of economic and political pressures.
Reactive versus proactive approach
Many people only act when there is already an emergency. But with such a critical infrastructure, you need to be prepared for cyber-attacks even if the chances are slim. In addition to protecting physical assets and the network (which are often 'insecure by design'), education and training of staff is a key element, which in our experience is less emphasised. Another factor in this proactive approach is that actors in this industry are insufficiently informed. It is not their fault though. An incident in this area is definitely a highly sensitive information, therefore many cases are not public and that may result in nuclear industry personnel believing that incidents are rare.
Supply chain vulnerabilities
Similarly to other critical infrastructures, equipment is often delivered by different vendors. Their security posture is something electric and nuclear facilities cannot have control over. In case a vendor's facility is compromised in any way, it can spillover to the main system.
