Utility Week - authoritative, impartial and essential reading for senior people within utilities, regulators and government
Issue link: https://fhpublishing.uberflip.com/i/783648
utILIty WeeK | 10th - 16th February 2017 | 21 Operations & Assets Market view E DP Distribuição is the electricity dis- tribution company of Energias de Portugal and it recently became the newest member of the European Network for Cyber Security (ENCS), a non-profit industry organisation for improving cyber security in European critical infrastructure, focusing on energy grids. The smart grid offers a host of advantages to both consumers and utilities, but when- ever you connect things to a network that were not connected before, you introduce new risks. We need to make sure the electric- ity grid is cyber secure and that consumers and their data are protected. If cyber security is seen as an aerthought, that opens the door to some big problems. In Portugal, we have been working and evolving the smart grid since 2005/06 with the Inovgrid project. It was quite an ambi- tious project from the start. We looked at the whole smart grid value chain – renewa- bles, electric vehicles, consumers producing their own energy – and the challenges to transform a network system operator into an active distribution system manager. And we did it through a customer-centric strategy, empowering people to make their own deci- sions about their energy usage. An initial pilot project in Évora reached 30,000 customers, and seven more recent projects have involved around 100,000 customers. For EDP Distribuição, an end-to-end cyber security strategy was a key concern even before the start of the Inovgrid project. About ten years ago at EDP Distribuição, as we looked to rationalise and optimise our operations, we realised we would have to look for a strategy more leveraged in outsourcing. As our operation technology was becoming more exposed, and our pro- cesses and technologies more complex, we acknowledged we had to look closely at cyber security and data privacy. We did a lot of work identifying our main vulnerabilities and risks, and its corresponding controls, and we launched a portfolio of projects to address them. We started increasing our visibility over cyber activities in our systems, managing access and privileges, applying network seg- regating and system hardening techniques. At the same time, energy grid cyber security started to feature prominently on the EU's agenda, and a number of pan-European discussions and projects began to emerge. It was by that time we first started talking to ENCS. We were looking for forums and trusted communities to learn how to be more effective cyber protecting our critical infrastructure. We first started working with ENCS around 2011. We worked on a few different projects, including having ENCS training on cyber security at its offices in the Neth- erlands, using the hackers versus company role play model, which really helped us to better understand how cyber security works and how the "game" is played. Simply put, our membership of the ENCS means we can give our customers an extra confidence and assurance that we are work- ing to keep them and their data safe. By working collaboratively with the European community for a more cyber secure energy sector, we keep consumers, their data and the electric distribution grid protected. These things are too important and the stakes are too high. As an industry, we cannot afford to make the same mistakes twice. If a utility or distribution system operator discovers a vul- nerability that can be exploited by attackers, it cannot keep it to itself and wait for others to figure it out on their own. We need fast and effective information-sharing and co- operation, since a wait and see strategy is not an option. The hackers will share information so we have to it as well. In an increasingly connected world, it is essential that we all work with each other. One industry we can learn from in particular is telecoms. First, because the two sectors are mutually dependent (telecoms compa- nies need energy to operate and electricity grids need telecoms to conduct their opera- tions), but also because the telecoms sector has been confronted with a lot of the same challenges in the past. Telecoms got smarter earlier than the energy grid. In telecoms, there has already been a huge shi from analogue to digital grids, and they have dealt with all the processes of service providers tendering for manufactur- ing contracts and having to figure out how to build in cyber security. These are all chal- lenges we are facing now, and although there are some obvious differences, I believe we have a lot to learn. Aurelio Blanquet, director at EDP Distribuição Unite for cyber security Aurelio Blanquet talks about the Portuguese smart grid, membership of the European Network for Cyber Security, and how energy grids must meet the challenge of cyber security. EDP Distribuição Founded 1976 Headquarters Lisbon, Portugal Key people Chairman Eduardo Catroga CEO António Luís Guerra Nunes Mexia Key numbers Revenue €15,517 M (2015) Operating income €2,443 M (2015) Profit €1.012 billion (2012) Total assets €42.63 billion (2012) Total equity €11.43 billion (2012) Employees 12,084 (2015) Key points Whenever you connect new things to a network, you introduce new risk. Smart grids require connectivity to em- power customers. Operational restructuring o en requires outsourcing to third parties, which has cyber security issues. Through the European Network for Cyber Security, grid firms can pool knowledge. Best practice can be adopted form other sectors.