We know that to do something in the OT domain, you require
very good knowledge of processes and systems, and you have to
understand how to get in as well as IT security concepts. This is a very
limited skillset which is not very available for ‘the bad side’, and yet we
can see that they are making progress. So the volume of attacks and
the change in the interest area that you can see happening is what I
fnd really important.
In the example of Industroyer, the designers built intelligent software
that can make a bridge to the OT world, can get access to systems in the
OT, and this is really frightening so we have to take it into consideration.
And that means that security from the start is something that is
important because, also in the case of Industroyer, a real infection, if it
happens, will happen on the IT side. It’s a very staged approach.
Q: ENCS has done a lot of work in The Netherlands with smart charging
infrastructure for EVs. This is one of a few focuses: smart metering, more
general issues such as substation security, and transmission-level
A: The build-up of new systems connected to the grid at one side, and
to IT and communication systems at the other side, brings new and
unknown risks. There are hard deadlines for the deployment of smart
metering infrastructure: by 2020, 80 per cent of meters in Europe will
have to be smart. So this will be a new type of system and we need to
know what it will mean for data and privacy, but also what kind of risks
are associated with it. This is exactly the reason why we started to focus
on the requirements side: to make sure that what you build in takes into
account the risks associated with these new technologies.
EV charging is interesting as a topic because what you will be
seeing with the Internet of Things – all kinds of connected systems –
is something you can already learn about by deploying things like
charging infrastructure for EVs. The particular reason why this is high
on the priority agenda for grid operators is that impact. If there is a
signifcant deployment of people driving EVs, then the power that you
require for the loading becomes very signifcant, which means that
this is going to have quite some infuence on the grids themselves.
By nature this means that if you want to do harm, this infrastructure
becomes interesting to you.
So these together are the reasons why EV charging is, in terms of the
security agenda, pretty high on the priority list, in combination with the
fact that at the moment would be the right timing to address some of
the issues because the domain is developing, and in some places is
developing rapidly. But it also means that now it is required to take care
of these issues.
Q: What is the timeline for the ENCS/ENTSO-E collaboration to produce
A: It’s an ongoing thing, and it is extraordinarily important, on top of
what the developments are, to translate what they mean and require
for the operational domain. There are new abilities on the hackers’ part
and thus new risks. We cannot set a fxed date because the feld is
changing – it’s sort of a weapons race.
for more information
Electric actuators for all types of
Reliable and long-term service. AUMA
offers a comprehensive actuator
■ Customised solutions for all types of
power plants: from CHP to large-scale
■ Variable speed for high precision
■ Interfaces to all conventional feldbus
■ Service worldwide
Discover our solutions for
the power plant industry
FLE XIBILIT Y
Please visit us:
19. – 21. Sep. 2017