Digitization, a double-edged weapon

EPES digitization and modernization is a double-edged weapon. Despite almost limitless advantages to be gained, digitization brings more opportunities for hackers to outrage the essential infrastructures. Networks are being linked, gaining complexity and allowing more devices to take part of the ecosystem, undoubtedly increasing the attack surface and weak points. How is this affecting the global energy domain? What are the possibilities to countermeasure this threat?

The electric network is widely considered to be among the most critical infrastructure in the world, especially in advanced economies. It is also one of the most frequently attacked infrastructures, with consequences that could usually reach far beyond the power sector. In particular, the power sector is seen as uniquely critical for the “enabling function” it provides across all critical infrastructure sectors. Services like transport, finance and water supply are among the most highly dependent on the energy network and would be severely impacted in case of failure, leaving the population, in a word, vulnerable. Among all the vulnerabilities of the electric power supply chain, the risk of cyber-attacks is perhaps the most challenging and has already overtaken the threats derived from human errors in quantity and complexity. Electric power companies from all around the world report continuous intrusions (or attempted intrusions) and, despite most of them fail, the activity is accelerating. Not only the attacks are rising, but the number of threat actors is increasing and their capabilities expanding. The rationale behind this is aligned with the growing use of digital devices and advanced communications and interconnected smart systems (e.g. IoT, smart meters, …), increasing the number of access points and hence, the exposure of the EPES infrastructures to cyber-attacks or external threats such as worms, viruses or data privacy breaches.  In addition, legacy systems such as SCADA/ICS lack of embedded cybersecurity measures by design and are usually target of hackers. Below, the most powerful cyber-attacks of the last decade.

Therefore, as grids become increasingly “smart,” the systems are gaining complexity, and the number of access points is rising. Moreover, as utilities introduce more commonly used software and information technologies into their operations, their systems may become more accessible. To overcome this, blockchain is one of the potentially disruptive technologies that raise high expectations across the energy industries with the still question mark of how blockchain applications fit into the relevant legal frameworks. As a transparent and decentralized transaction technology, blockchain may be able to provide the security that is missing in the design of many smart meters today, among other legacy systems and devices, and in combination with smart contracts, can be an answer to some of the most pressing questions of the energy transition, and a key component for ensuring security of supply, reshaping the energy industry entirely and turning electricity markets as we know them into decentralized structures.

From energy production to consumption, the PHOENIX project will address the prevention, detection and mitigation of cyber-attacks through blockchain technology, further exploring its capabilities and  derivative technologies such as smart contracts and distributed ledger technologies as the backbone of the proposed architecture and the main weapon to face the cybersecurity threats, protecting at the same time the end-users from data breaches.