Utility Week

20 | 31ST MAY - 6TH JUNE 2019 | UTILITY WEEK Operations & Assets Market view F rom smart lightbulbs that light up before you arrive home to smart ther- mostats that learn to heat your house based on your daily routine, today's home devices can be programmed to work exactly when and how we like. Thanks to artificial intelligence, tomor- row's connected washing machines could operate themselves to ensure maximum cost and energy efficiency; automatically starting a cycle at the exact moment energy is cheap- est and switching to the energy supplier with the best value tariff. But this speed of innovation comes with a serious security challenge: with so many devices connected to their networks, how can utility providers remain secure? High- profile data breaches and cyberwarfare are on the rise – the infamous Ukrainian Black- Energy power grid attack springs to mind – so no provider of connected infrastructure can afford to underestimate the ingenuity of those looking to exploit network weaknesses. As Japan prepares to assess the security of 200 million network-connected devices before the Tokyo 2020 Olympics, it falls to the UK's utilities industry to pre-empt offi- cial regulation and take steps to defend their own systems from cyberattack. Partnerships that boost network security Ensuring total network protection is no mean feat and, for most utility providers, a mix of legacy systems and new technology presents an added layer of intricacy. There's a balance to strike between investing in new network infrastructure and managing the security risk of older systems before they can be phased out. But it's not just kit that has to evolve; achieving cultural buy-in on a cybersecurity strategy can be just as tricky. Establishing the fact that security is both an organisation-wide responsibility and an efficiency driver is a good start, but utility companies should also make sure they're operationally prepared by running network breach simulation exercises. And still there's more – utility compa- nies must now be experts in both engineer- ing and information technology (IT) – as operational technology (OT) and IT converge. Network security relies on seamless com- munication between system hardware and so'ware, and as smart networks incorporate a growing number of technologies, it's up to the utilities industry to lead the way in inno- vative, yet secure, network integration. This is where a trusted, experienced net- work support partner can make all the dif- ference. Arqiva's commitment to security extends to everything we do, including our closed internet-independent communica- tions network built to support smart infra- structure. Our network is designed with robust security features baked in, and uses highly secure licensed radio spectrum, rather than the internet, to connect smart devices, avoiding the vulnerability of online communication altogether. A security-focused supply chain A network is only as secure as its weakest link. Even with a fortified infrastructure part- ner, utility companies cannot guarantee the operational security of their suppliers and affiliates. Cybercriminals are adept at sniffing out any potential chink in the armour, even when it's through a third party. So, it's down to providers to carry out their own supply chain security investiga- tions, checking contractual requirements, auditing suppliers where possible and keep- ing security investment costs in mind when procuring. For many, the best option is to become members of the Information Security Forum, which means your suppliers are sub- ject to its supply chain assurance framework. Where an organisation may not meet this set of standards, this means you can work with them to improve cybersecurity measures before moving forward together. This collaborative approach benefits the utilities sector as a whole. A'er all, network security is a risk and a responsibility we all share. The Network Information Services (NIS) Directive was introduced in 2018 but somewhat overshadowed by GDPR. It rein- forces this point – "organisations within vital sectors which rely heavily on information networks, such as utilities, are required to take appropriate and proportionate security measures to manage risks to their network and information systems." Failure to comply can lead to severe fines. Keeping utility consumers in the picture Defending the supply chain becomes even more vital considering it's all-but-impossible to manage how customers choose to use energy in their homes. Unless a device is no longer working, it's unlikely consumers will prioritise upgrades or replacements. That's a vast number of smart devices and appliances potentially vulnerable to attack. Placing the onus on manufacturers is problematic too – although utilities would do well to work with them to devise a base- line security standard for smart devices. That's not to say there's nothing utility providers can do to help customers safe- guard their devices; in fact, open communi- cation can go a long way towards changing consumer consciousness. The banking industry is a great example – by highlighting how to recognise bogus emails and reinforc- ing the importance of password protection, banks have successfully educated their cus- tomers on the risks of online fraud. Providing guidance in areas like these also helps organisations strengthen trust messages with consumers, which will be crucial as internet of things devices become more commonplace. If, for example, util- ity companies could save energy by limiting power to a smart fridge in the early hours in return for reimbursing the owner's bill, they will need to be completely transparent in how they go about it. Prioritising network security As technology advances and networks expand, it will take a sector-wide focus on cybersecurity to create a secure operational state in the utilities industry. Collaboration will build stronger and more secure networks than isolated systems ever could, so it's vital that providers keep this aim high on the agenda, as individuals and as a collective. Denis Onouha, chief information security officer, Arqiva How to secure the future today Connected appliances and devices are transforming the nation's homes. Denis Onuoha asks what this means for utilities and how cybersecurity can be ensured in the age of the internet of things.

• Cover