Race is on for energy cyber security standards

Government and Ofgem must lead a "race" to deliver smart technology standards which protect against cyber security threats in the energy system, a leading consultant has urged.

The comments come after the publication of Upgrading our Energy System, a joint report from the department for business, energy and industrial strategy and Ofgem, which sets out a plan for creating smart systems and flexibility in the UK.

Among other things, the report acknowledges: “A smart system will need to mitigate new risks, such as cyber risks, because it will be more complex and more driven by data and communication technologies.”

The report also says that government has commissioned research to understand “the magnitude of the smart cyber security risk up to 2030” and inform its approach to mitigating those risks, for example by setting new standards for smart appliances and scrutinising the security of industry systems.

“The Government and Ofgem are also in discussions to further define their relative roles in the oversight and regulation of cyber security risks in different parts of the industry,” the report states.

Industry has welcomed this focus on cyber security.

Julian David, chief executive of trade body Tech UK told Utility Week: “At the heart of a smarter, more flexible energy system is data. Being able to communicate, interrogate and derive knowledge from data can bring incredible benefits, but it also introduces an increased risk of cyber-attack”.

David said that government has been “pro-active” to date in addressing this risk and added: “No system can be completely secure but government has taken the right precautions whilst ensuring that innovative services can still grow and emerge; the smart systems and flexibility plan continues that theme.”

Oliver Rix, a partner at consultancy Baringa agreed that cyber security in a smart energy system “is a concern” and said “setting standards is right”.

But he also cautioned that: “the challenge is the pace in which those can be developed and implemented given the pace of change in technology…It’s kind of a race to get that in place versus those who are trying to do damage”.

Cyber security in the energy system recently made headlines. Last week The Telegraph reported that energy companies may have been hacked on June 8 in the wake of the general election.

The paper said that an official report from the government electronic spy agency GCHQ warned companies that they “are likely to have been compromised” and that the source of the attack seemed to be “state-sponsored hostile threat actors”, possibly Russian.

Rix told Utility Week that the rapid growth of connected devices in the energy system means the system is vulnerable to such attacks. “If you can access many small appliances and manage them all synchronously, then you’re then in a position to bring down parts of the energy system by connecting and targeting a particular area with a lot of energy-using devices,” he said.

Tech UK’s David also emphasized that a focus on the security of “operational technology” is “of primary importance”.

Jane Gray

This article first appeared on edie’s sister title, Utility Week

Action inspires action. Stay ahead of the curve with sustainability and energy newsletters from edie