How Cybersecurity can protect your renewable energy assets


What is cybersecurity

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information, or simply at interrupting normal business processes.

Implementing effective cybersecurity measures is challenging today because the attackers are becoming more innovative, and there are more devices than people.

Why it is important

The energy sector constitutes a crucial part of critical national infrastructure. For this reason, there has been steady growth in successful cyber-attacks on this sector over recent years.

A cyber-attack on these environments might affect the stability and availability of the electrical network within a region of the country or even a larger area, which means not only a huge business impact but also a risk to operators' safety.

In addition, the technology behind renewable sites is becoming steadily more complex because of the digital infrastructure needed, software dependencies, network topology, etc., which multiplies the number of vulnerabilities, particularly when that infrastructure does not receive proper attention from a security point of view.

Cyber threats

Several technical threats could affect the digital infrastructure because of the need to connect remotely. These include unencrypted connections and known vulnerabilities and exposures (CVE) in systems on site that could enable malware, backdoors, DNS spoofing and many other techniques to affect the current or future behavior of digital components. Even worse, DoS or DDoS and MITM techniques using botnets and advanced persistent threats could disrupt normal operation and affect the energy asset as well.

In addition, internal technical threats arising from unsafe network designs, the communication protocols chosen, software dependencies (like SRI), the lack of a patch management policy, or simply information risks from bad human habits can render any cyber protection useless. It is well known that a system is only as strong as its weakest link, and this includes people as well, so social engineering needs to be considered an important threat too.

How GPM applies cybersecurity to its products

GPM uses proactive and reactive strategies to apply countermeasures that reduce the risk of a breach.

Proactive cybersecurity aims to reduce the probability of cyberattacks happening. The first step is to identify risks and their impact, including threats caused by human behavior or technical vulnerabilities, and then to put barriers in place by building countermeasures such as network and endpoint monitoring, penetration tests, patch and access management, audits, proper network design, staff training on information security, IDS, etc.

On the other hand, reactive strategies focus on bulking up the defenses against common attacks and tracking down hackers that have broken through the security measures. Despite having excellent proactive strategies, GPM must be prepared for the worst attacks. To guarantee a fast response to attacks, our company relies on a proper Disaster Recovery Plan (DRP) including backups, online append-only replicas and a distributed shared-nothing architecture.

A cybersecurity case study

Overview

GPM sends monitored data gathered on site to certified data centers (SOC1 type II and IEC27001), where the data layer and applications are hosted and the data is kept, without retention limits, while the service is active. However, in recent years cybersecurity concerns have been growing among the world's governments, to such a degree that some countries are banning by law the sending of monitoring data out of their countries or regions.

Additionally, Operational Technology (OT) and Information Technology (IT) networks on site are required to be isolated, and external connection is limited to a DMZ to eliminate any vulnerability exposure. This affects external services such as the external production forecasting data used in SCADA.

Approach

In order to be compliant with country security regulations, a valid cloud provider in the region was selected to deploy the GPM software and communication layer. Different IPsec site-to-site VPNs were set up between the local provider, the site and the customer network to ensure data confidentiality and integrity in transit.

The solution includes the deployment of GPM Scada at the remote datacenter. Data is pushed from the GPM Scada on site rather than polled from the datacenter, and the GPM software ensures data backfilling in case of failure. Therefore, data is stored consistently, and at the same time GPM Scada dashboards are available for analytics purposes.

On the other hand, to meet the Operational Technology (OT) and Information Technology (IT) network isolation requirement, firewalls are deployed to isolate the networks and manage access. Interaction with the external forecasting provider is performed from a server placed in the DMZ, which receives production and sensor data from the OT network and can connect to the external provider to push that data and download the results. Those results are then exposed internally to be gathered from the OT network and finally ingested as another source of information in the GPM Scada system.
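The zone model described in this case study (the OT network initiates connections to the DMZ server, the DMZ server initiates connections to the external provider, and nothing else crosses a zone boundary) can be checked against a firewall rule set. The following is an added example, not GPM's code: the rule format, the zone names, the first-match and default-deny semantics and the sample rules are assumptions constructed for illustration, and any permitted flow the case study does not describe is reported for review.

```python
from dataclasses import dataclass
from itertools import permutations

ZONES = ("OT", "IT", "DMZ", "EXTERNAL")

# Flows the case study describes, as (initiating zone, responding zone).
ALLOWED_CONDUITS = {
    ("OT", "DMZ"),        # OT pushes data to, and gathers results from, the DMZ server
    ("DMZ", "EXTERNAL"),  # DMZ server pushes data to / downloads results from the provider
}

@dataclass(frozen=True)
class Rule:
    name: str
    src: str     # zone name or "ANY"
    dst: str     # zone name or "ANY"
    action: str  # "allow" or "deny"

def effective_action(rules, src, dst):
    """First matching rule wins; no match means default deny (assumed semantics)."""
    for rule in rules:
        if rule.src in (src, "ANY") and rule.dst in (dst, "ANY"):
            return rule.action, rule.name
    return "deny", "(default deny)"

def audit(rules):
    """Return (src, dst, rule name) for every permitted flow outside the zone model."""
    findings = []
    for src, dst in permutations(ZONES, 2):
        action, name = effective_action(rules, src, dst)
        if action == "allow" and (src, dst) not in ALLOWED_CONDUITS:
            findings.append((src, dst, name))
    return findings

def missing_conduits(rules):
    """Conduits the design needs but the rule set does not actually permit."""
    return sorted(c for c in ALLOWED_CONDUITS if effective_action(rules, *c)[0] != "allow")

# Constructed rule set: the last rule is a leftover that bypasses the DMZ-only policy.
SAMPLE_RULES = [
    Rule("ot-to-dmz-relay", "OT", "DMZ", "allow"),
    Rule("dmz-to-forecast-provider", "DMZ", "EXTERNAL", "allow"),
    Rule("block-inbound-to-ot", "ANY", "OT", "deny"),
    Rule("temp-vendor-access", "IT", "ANY", "allow"),
]

if __name__ == "__main__":
    for src, dst, name in audit(SAMPLE_RULES):
        print(f"VIOLATION {src} -> {dst} permitted by rule '{name}'")
```

Because evaluation is first-match, the broad `temp-vendor-access` rule is not reported for IT to OT (the earlier deny shadows it) but is reported for IT to DMZ and IT to EXTERNAL.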


Lessons learnt

GPM, as a customer-centric company, looks for the best solutions to meet customer requirements in terms of safety, trust, and good practices in the renewable energy sector.

david