The cyber challenge
COVID-19 is showing how dependent we are on critical infrastructures, which are often the subject of conflicts that we are not always aware of, or that we only become aware of when everything has already happened.
The cyberwars have silently begun; we only notice this when cyberattacks cause national blackouts or compromise critical infrastructures; examples are the APT (Advanced Persistent Threat) attacks targeting SCADA systems of energy infrastructures, especially wind farms.
There are often no economic motives; there is the sole and direct intention of putting an enemy country in a corner by hitting its economy and undermining the functionality of its major strategic and institutional structures. Strategic infrastructures might already be mined without anyone knowing, ready to collapse at a click.
Electricity is vital for the economy and society; its unavailability, even temporary, has a strong impact on the provision of other services such as transport, finance, communications, water systems, health, etc. when properly sized backup systems have not been provided for.
On the one hand, the decentralized and digitized EPES is putting different global electrical grids in close interconnection; on the other hand, without a synchronized resilience mechanism, cyberattacks can spread very quickly across continents.
Even at a social level, 5G, the Internet of Things, the Smart City, and Artificial Intelligence expose us to risks, as the attack front widens to directly involve ordinary end users; today, the effects of an attack on a global scale would be devastating. A successful cyberattack could undermine public confidence in a particular utility by altering the value chain.
The emerging scenario requires the provision of adequate countermeasures. A proactive approach based on security by design can certainly help: it calls for cyber security concepts to be implemented and kept up to date throughout the life cycle of IT/OT/IoT solutions and infrastructures. Progress must also be made from a legislative point of view, harmonizing the cyber security regulations of the different countries.