
Energy Security Is A Growing Concern

Solar and PV energy will become a larger part of the future energy needs of the UK and as such will become prone to security challenges. This is an area that solar and PV providers will need to become more aware of. Calum MacLeod, EMEA Director with Enterprise Key and Certificate Management (EKCM) specialist Venafi, explains why there is a pressing need to implement robust encryption key and digital certificate management on national energy grids.

Unless you've been down a mine shaft these past few years, it should be clear that the security threats landscape has been changing - and not always for the better.

Taking a leaf out of the book of the Department for Homeland Security and US-CERT, the European Network and Information Security Agency (ENISA) has recently issued guidance on the security of energy critical national infrastructures (CNIs) of European Union countries. Amidst all of the advice, however, one issue that has been missing is that enterprise key management should form the central backbone of any energy sector security strategy. This need has become increasingly important as a business imperative in order to ensure that organisations maintain control over trust.

While ENISA has made reference to encryption, cryptographic controls and managing authentication in its advice, our observations suggest that the agency has not adequately addressed the specifics on key and certificate management. Real-life examples exist today of systems having unauthorised access gained through the use of digital credentials, in the form of SSL certificates, that were either out-dated or created using algorithms that are known to be weak. These weak credentials create a risk that secure communications can be intercepted and altered or that unauthorised individuals may gain direct access to critical systems. A hacktivist or cyber-terrorist could intercept a secure communication between a power plant and an electrical distribution system, and ensure that too much power is delivered across a transmission line thereby damaging the line. Alternatively the same entity may gain direct access to a computer system within the power plant and insert malware that would directly control the industrial control systems and thereby shut down or physically damage the plant.

The bottom line when it comes to defending country-based Critical National Infrastructures (CNI) - such as the energy grid - is that you cannot control - and document for audit and compliance - the use of encryption and strong authentication without effective key and certificate management.

ENISA is advising that smart grids need to build security in from the ground upwards, using encryption and strong authentication tools such as digital certificates to secure data and access. While this is sound advice, I believe, based on conversations with our enterprise public and private sector customers, that the only way for smart grid providers to effectively control and document these critical trust and security instruments is to deploy effective key and certificate management as an integral feature of their security architecture. This is especially true in the UK, based on the CNI architectures we have encountered - and I strongly suspect that the Information Commissioner's Office (ICO) will take the same view.

To ensure secure and trusted communications, certificates and keys validated by third-party CAs will play a critical role. Very much in the same way that ecommerce and other web-based transactions and communication systems are protected by certificates and keys, they can also effectively protect Internet communications that support interoperable system communications, thus hardening them against threats and attacks. While the strategy of using certificates is well proven and a security best practice, recent history has shown that if not properly managed a dark side to certificates can emerge. Lessons from the last two years demonstrate that certificates can be falsified, compromised, destroyed or stolen - leading to devastating attacks and data breaches.

Nevertheless, those certificate failures cannot be blamed on the certificates themselves. The problem actually stems from the lack of proper management of the security and trust instruments. Improper certificate and key management that leads to security compromises is exemplified by some "worst practices" use cases. With the UK data regulator now hitting its stride on best practices and guidance - as shown by the recent maximum fine of £250,000 against Sony for its PlayStation Network breach back in 2011 - it is clear that the ICO will be looking to CNI security strategists to secure the UK's energy, communications and allied infrastructure networks.

We know that UK energy companies have progressively been deploying the end-user building blocks in the country's smart grid for several years now, as mandated by the Energy Act of 2008. The UK has been loosely following the smart meter blueprint laid down by Sweden, which - as you might expect with its high-tech reputation - was first out of the gate with smart metering pilot studies way back in 2001, moving up to a commercial rollout that started in 2009, and which is continuing to this day. The rollout of smart meters in Sweden has accelerated in the last 18 months or so, following the Swedish government's mandate on energy suppliers to provide monthly meter readings for customers.

Coupled with the fact that Swedish energy suppliers can no longer send bills based on estimated readings - and the time allowed to correct billing errors has been reduced from 13 to just two months - it's no small wonder that the energy companies there are keen to complete their smart meter rollouts in as short a timeframe as possible. Let's hope that the smart meter rollout in the UK achieves similar successes on the deployment front - and lays the foundations for a robust and secure critical national infrastructure energy grid. The next few years will, we think, set the pace for how the UK defends its CNI - installing the best security is a logical step towards this goal.

© 2013 Angel Business Communications. 
Permission required.
