Cybersecurity is not a tick-box exercise but a fundamental part of grid modernisation in smart utilities and in smart city development. It needs to be a continuous effort from the beginning and then carefully considered at each stage of the design.
Energy security tops the list of the most exciting areas of IoT development for utilities, according to a poll Wi-SUN Alliance conducted earlier this year. The idea behind this survey of senior professionals in the industry was to find out what was top of mind for those working in and developing smart utilities services and applications in what has in the past been seen as a sector largely resistant to change.
More recent modernisation of our utilities, enabling increased efficiencies and reliability through digital transformation and open connectivity, means that smart utilities are now changing the way the industry operates. Smart systems, devices and customer services are replacing an ageing infrastructure to help create a more efficient, more affordable, and more sustainable energy future.
But will this transformation come at a price? Security and data privacy are always a worry for an industry that is increasingly open to attack. According to ABI Research a couple of years ago, both water and power utilities have reported an increase in advanced persistent threats (APTs) which can exploit vulnerabilities in industrial control systems. While other cyber threats like ransomware and DDoS (dedicated denial of service) attacks are able to infiltrate systems and cause significant damage once inside.
The evolving threat landscape
We know threats are constantly changing and cyber attackers are finding new and innovative ways to develop their techniques. As you increase connectivity and open up systems to multiple parties in an effort to increase efficiency and reduce costs, you also open up potential attacks vectors that need to be secured.
Attackers could get access to customer data leading to data privacy breaches but could also manipulate data and readings. At this stage, consumers then lose trust in the technology which could impact smart meter deployments. There’s also the bigger risk of the smart meter network becoming compromised with the potential to bring down the grid or leading to power outages.
As our cities become increasingly smart and networks increasingly interconnected, a compromised grid could affect other applications like smart lighting, traffic and transport systems or even healthcare systems.
Then factor in regulation and compliance in an already highly regulated industry. With multiple cyber initiatives in Europe, there could the risk of too much complexity.
In our Journey to IoT Maturity report published last year, we can start to see how perspectives and attitudes to IoT technologies are changing among those developing and implementing smart cities and smart utilities. The report – a study of 300+ IoT adopters in the UK and US – is a revisiting of our first state of the nation report published in 2017.
The market has gathered momentum during this period. Our latest report shows that over 90% of respondents recognise they must invest more in IoT to remain competitive as the market continues to evolve. But some of the core concerns five years ago have started to ease. One of these is security, with those respondents ranking security as one of their top three challenges when rolling out IoT falling by over half (from 58% in 2017 to 24% in 2022).
This change in attitude is particularly interesting considering the threat environment, with concerns growing among policy makers and industry leaders due to current global economic and political turmoil, including the war in Ukraine potentially putting energy supplies at risk.
What’s interesting, however, is that concerns around data privacy are growing. In our most recent IoT study, data privacy regulation was ranked the second highest political, economic or social challenge by respondents, while almost one fifth (up from 11% in 2017) placed big data in their top three IoT rollout challenges. Most IoT initiatives, from smart metering to rollouts of streetlighting, rely on increasingly large amounts of data, so capturing and storing it securely presents its own challenges.
The General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and other privacy regulations have also come into force since our 2017 report, which may be driving up concerns. With stricter data protection laws come greater pressures for utilities and energy providers to protect sensitive data. Those that fail to do so risk running into compliance issues that can lead to serious financial penalties and damage to reputation.
Security by design
The question of smart utility development going hand in hand with security is not a case of whether it can, but how it can.
Cybersecurity is not a tick-box exercise but a fundamental part of grid modernisation in smart utilities and in smart city development. It needs to be a continuous effort from the beginning and then carefully considered at each stage of the design, from the network infrastructure that provides a robust foundation for secure IoT implementations, to the devices and applications sitting on the network.
If security hasn’t been baked in from the start it can be difficult and expensive to solve security issues retrospectively.
This is very close to our hearts as an industry alliance. IP-based security technologies, which form part of the Wi-SUN protocol, ensure that data communications across the network are protected from security threats. Our own commitment to security is embodied by our global members who prioritise secure communication within their product offerings.
This commitment in turn inspires innovation and collaboration, which are critical to the success of IoT development.