Meet The Expert Series: Cybersecurity

Welcome to the newest feature of the Energy Storage Chronicles Publication: Meet The Expert Series! The objective of this series is to engage with several subject matter experts on topics pertinent to the energy transition. The first topic of the series is cybersecurity. Energy systems are becoming more complex, sophisticated and of greater strategic importance. Investment in cybersecurity for these systems has been ramping up to keep pace with the advancement of the industry. Let’s hear from our guest contributor: Adam DiPetrillo, a senior cybersecurity consultant at DNV Energy Insights.

What was your path to cybersecurity?

I served in the US Army and Air Force for 20 years prior to joining DNV. During my service in the Army, I was an Information Systems Management officer, implementing and maintaining critical battlefield information services for combat units. In the Air Force I focused on cybersecurity of Department of Defense (DOD) networks, with particular emphasis on industrial control systems. During my last four years of service, I worked closely with regional utilities as part of a DOD initiative to support critical infrastructure providers to improve the cyber resiliency of their systems.

What is cybersecurity in the context of energy storage systems?

Unlike traditional consolidated generation facilities, distributed energy resources (DER) such as (solar, wind and storage) are not centralized in a well-defined network perimeter. Additionally, they have limited staff and are often remotely managed. This means that a traditional investment in network security must be spread out across the many sites under control by an operator. Further, the remote nature means that the logical network security boundaries are extended to remote users such as those working from home or third-party vendors.

How is cybersecurity significant to the energy transition?

The technologies supporting the energy transition are relatively new in nature. As we all know, security takes a second seat to function in most new technologies. Given the interconnected nature of our DER systems and the changing tactics of our cyber adversaries (criminal or nation-state), we must close the gap between the time it takes for security to catch up to function. Our adversaries are attracted to the technological designs (IP and trade secrets) to reduce their development costs and want persistent access to our DER systems to perpetuate cyber-to-physical impacts in the furtherance of geo-political interests.

What are the recent advancements in cybersecurity?

Recent advancements include the ability to use Artificial Intelligence (AI) to understand misconfigurations, vulnerabilities, and unauthorized events within networked systems. In some cases, AI can even be utilized to take pre-approved defensive actions to negate an event. The goal here is to limit the amount of time, and impact, that a cyber event can have on the system and the owner’s revenue stream.

Who are the major participants in the cybersecurity industry?

There are a number of pivotal role-players in the cybersecurity industry. System developers (Siemens, ABB, etc) are increasingly implementing more robust software and hardware security processes and capabilities. Owners/Operators are starting to understand that their systems and users are at risk and that there is a great need to mitigate those risks. Regulators and standards bodies (e.g., NIST, IEC and NERC) are constantly refining “best practices” or necessary compliance to align with the changing threat landscape. There is also a substantial growth in information sharing facilitated by the ISACs, CISA and other collaborations to help in the combined cyber defense. Finally, the growth of cybersecurity services and technology development is key for successful defense of our critical infrastructure. Capabilities such as technical vulnerability assessments or 24/7 remote network monitoring and active defense are game changers in limiting the likelihood and severity of cyber-attacks.

What are the major challenges or improvement opportunities in the cybersecurity industry?

The challenges of cybersecurity lie in the people. It is very hard, but important, to get the necessary investment for cybersecurity. That takes empirical evidence, such as a vulnerability assessment, to prove that a system is vulnerable, and the level of subsequent effort required to meet the corporate risk tolerance. It also means having a properly educated workforce that understands cyber threats to the point where they are not an unwilling participant in the perpetration of an attack. A highly mature company will have non-cyber staff who are educated to the point where they can detect symptoms of an attack and take necessary triage efforts before contacting the experts.

What is your outlook on the advancement of the cybersecurity industry?

Cybersecurity is a never-ending game - our adversaries have changing motives and methodologies. That means we have to adapt, and all play our role in a collective cyber defense environment. I am very optimistic that we shall find continued success through the continuous and iterative development of new technologies, refined processes and cyber-educated people.