By Kirstie Wong
As cybersecurity threats increase in sophistication and reach, the power generation sector needs to increase its resilience against cyber-attacks, and enhance its cyber defence capabilities, said Dr Philip Andrews-Speed, Senior Principal Fellow, Energy Studies Institute, National University of Singapore (NUS), while speaking at a SIEW 2016 roundtable entitled “Cybersecurity Strategies in Power Generation: Defence or Resilience”.
Global power systems are undergoing a transformation, and new trends such as the increasing use of renewables and the integration of power systems across borders are coming into play. These lead to critical issues and challenges for information systems, said Matthew Wittenstein, Electricity Sector Analyst, Gas, Coal and Power Markets Division, International Energy Agency (IEA).
Many people see cybersecurity as a technology problem, but what really underscores the defence and resilience of the whole ecosystem was intelligent human management. “There is no such thing as 100% cyber protection,” said Mr Ngai Chee Ban, Operations Leader Asia Pacific, Honeywell Industrial Cyber Security. “It is about how much you protect your ground. If you are putting on a good fight, there is no reason for them [hackers] to continue fighting with you.”
Mr Ngai spoke further about the defence and resilience strategies that the power sector need be aware of to counter cybersecurity risks. “Increasingly, industrial control operators are departing more and more from the legacy technologies that they are using. With the increasing requirements of the demand and supply chain on distributors and power sector producers, there is demand for them to connect to the world”.
Mr Akhlesh Kaushiva, Programme Manager, Department of Energy, United States, spoke on the US perspective on cybersecurity in the power and electricity sector, and explained that power systems are now expected to operate 24/7, with high reliability and availability. “The energy delivery control system must be able to survive a cybersecurity incident while sustaining critical functions. Real time operations are imperative, also real-time emergency response capability is mandatory.”
Mr Kaushiva shared that if there are near real-time variables impacting the operations of a power system, power operators would need tools that are faster than real time. The US has ongoing research and development in faster than real-time modeling and new tools to tackle these issues.
Mr Lim Thian Chin, Deputy Director and Head of CII Protection, Critical Information Infrastructure Division at the Cyber Security Agency of Singapore and Dr Madan Oberoi, Director of Cybercrime at the Interpol Global Complex for Innovation joined the speakers for the panel discussion. The panel acknowledged that cybersecurity was a present and real threat to society, and agreed that multi-stakeholder collaboration for the private and public sector, through learning and sharing of information in global sharing platforms, was vital for the power sector to continue improving its capabilities in cybersecurity.