Cybersecurity for Electricity Utilities: Where to Begin?

In 2017, there were more than 500,000 attempts to attack targets in cyberspace every minute. Fast forward to 2021 and we’re starting to see the effects. From the raiding of company email servers to the shutdown of 45% of the US fuel pipeline, infrastructure is emerging as a profitable target for malicious actors.

Digitisation trends of infrastructure networks may provide benefits for maintenance and operations, but they also introduce risk for opportunists and sophisticated cyber criminals to attack power systems.

In the past, power systems protection and control technology was secured by physical means. Traditional SCADA control telecommunications infrastructure was isolated from the general public, and security scrutiny remained entirely on preventing internal threats.

Today, new control and automation equipment is leveraging our global learnings of the internet, transitioning to using the Internet Protocol (IP) stack as the primary means of communications. There are many advantages in doing this, provided that vendors adopt the same IT network management standards that are currently used in securing traditional business computing assets, but this also increases the attack surface and exposes assets previously inaccessible by external threats.

“The IEEE 1686 Cyber Security Standard will set the benchmark for IED manufacturers in the future,” says NOJA Power Group Managing Director Neil O’Sullivan.

“Customers serious about cyber security should be making sure their suppliers have IEEE 1686 and IEC 62351 compliance roadmaps.”

As equipment vendors such as NOJA Power implement cybersecurity systems in these connected protection devices, a working understanding of electrical system cybersecurity becomes an important skill for the electrical engineer.

In this whitepaper we provide an overview of cybersecurity standards applicable to electrical engineering contexts, including IEEE and IEC standards viewpoints.