Towards Scalable Solutions of Operational Technology Cybersecurity in Smart Energy Networks

Open Access
Article
Conference Proceedings
Authors: Reijo Savola

Abstract: In recent years, the operational technology (OT) cybersecurity threat landscape has widened due to increasing digitalization, more sophisticated cyberattacks, and a rise in ransomware. Dependence on energy and information networking and operational technology inevitably exposes smart energy networks to potential vulnerabilities associated with networking systems. This increases the risk of compromising their reliable and secure use. Network intrusion by adversaries may lead to a variety of severe consequences, from customer information leakage to a cascade of failures, such as massive blackouts and destruction of critical infrastructures. Cybersecurity should be considered a core business enabler for smart energy networks. In energy solutions, sector integration means integrating various energy sectors into electricity transfer networks. This increases the overall complexity of the electricity networks, but it also enables the sectors to balance out each other's peaks in consumption and generation, with benefits towards a carbon-neutral and flexible energy system. Cyber-secure digital platforms will be the key to managing this increasing complexity and driving a sustainable energy transition.

We introduce a cybersecurity system integration reference model to cover the common cybersecurity solutions, processes and architecture for operational technology environments. The model has been validated in several experimental implementations. The model will enable the establishment of common and standardized capabilities towards the creation of competitive advantage in the global business of securing industrial automation. The model covers common architecture, interoperation, processes, tools and requirements, including the essential information for OT cybersecurity improvement and SOC service up-scaling. The security infrastructure may include unnecessary or multiple actions, or it may be configured inefficiently. The aim is to find a more effective configuration. This includes removal of legacy software and devices, consolidating external connections to the internal network, grouping assets, defining allowed actions, listing allowed applications, and simplifying processes to decrease false positive alarms.

It is obvious that a novel cybersecurity governance model for sector-integrated smart energy networks is required, driven by knowledge of risks, vulnerabilities, threats, assets, potential attack impacts, and the motives and targets of potential adversaries. The traditional reactive approach to cybersecurity strategy is no longer effective, nor is it defensible. The focus will be on the best secure and resilient governance practices in sector integration, maintenance and processes, handling of security requirements, risks, objects and measures, and management of multiparty operations. The governance model is validated in an experimental laboratory environment for an energy production system. Secure sector integration sets many requirements for cybersecurity and OT, policies, and management. An energy production system needs to fulfill the requirements with validated functionalities, such as cybersecurity and operation controls. Functionalities are distributed to internal and external domains (on-site and Security Operations Center, SOC). Subsystems of the smart energy network are connected to the SOC by wired or wireless connections. The SOC can use common procedures and processes for different kinds of operations. This enables automation of continuous cybersecurity monitoring, along with AI techniques, making the SOCs correlation points for every logged event within the sector-connected energy production system and the overall smart energy network system.

Keywords: Cybersecurity, Operational Technology, Secure energy production

DOI: 10.54941/ahfe1006141
