SCMagazineUK.com was rick-rolled today as Erwin Kooi, information security architect at Alliander, a Dutch electricity supplier, took to the stage at 4SICS 2016. Kooi's aim for the talk was to share some of Alliander's challenges in both upgrading to a smarter grid - which includes smart meters - and keeping it secure from harm.
But it goes without saying – digitising and upgrading systems of this nature introduce a number of security vulnerabilities, alongside various other company changes. This is because SCADA systems are introduced in order to control electrical substations over the air.
Kooi explained that a smarter grid has allowed them to expand monitoring and control lower voltages, decentralise control of parts of the grid, move electricity around more quickly to allow for smart car charging, energy storage (for balancing, as above with the green energy), flexibly switch street lights on and off, and become a data-driven grid operator.
Kooi recognised that current grids definitely have their own common security vulnerabilities, or in his own words, “themes”.
Kooi said, “There are more than enough chiefs writing policy, not enough indians to implement and run it,” adding, “there are more than enough people telling me what's wrong.”
So how do we achieve security and resilience? Kooi likened this to an escalator: “if you put power (resources/money) into it, you will go up a level.”
Kooi insisted that awareness is hard, but as soon as you call it “awareness training” you have lost. For this reason he suggested IT security needs to become a trusted business partner for other employees of the company. Employees need to know who to report risk to and should be getting security advisories if they use IT at home, and employees who have prevented an attack should be rewarded.
Kooi then went on to speak of the importance of partnering with people within the industry, and of having trusted partners for “when you get that scary 3am call.” Kooi said Alliander are currently in partnership with IRB, a high-level .nl crisis organisation, and the NL/EU Energy ISAC, which share high-level information in their specialism.
Kooi then encouraged keeping up with the latest research – he mentioned almost too many research papers to write – but suggested coupling this with monitoring of threat intelligence to see which vulnerabilities an organisation is most likely to be infected by.
According to Kooi, the use of threat intelligence will also help with detecting and measuring what their systems are doing, and likewise with correlation of security events, saying that, “at Alliander we use a SIEM so we have great visibility of what is happening in our systems. If four events happen at the same time, we should have the visibility to understand if they are related.”