The energy digitization
The digitization of the energy supply chain generates new functions and services which are essential for the distributed generation model typical of renewable energies. New tools are introduced for optimizing energy production and preventive maintenance thanks to telemonitoring and remote control. The end-users have the opportunity to reduce consumptions and optimize investments too.
A growing interconnection and integration of the IT networks of the power stations, plants and equipment used at the different levels of the energy chain is requested and this exposes to threats usually associated to classic information systems and corporate networks. However, there is a significant difference: in the case of cyber-attacks to energy assets, the risks can be very high, as it can lead to temporary unavailability or damage to a country’s critical infrastructure. The risk increases if we consider that, historically, industrial energy assets mainly worked in stand-alone mode and therefore were not subject to attacks, so that, consequently, the operating systems and software installed were rarely updated and therefore the system vulnerabilities never eliminated.There is a real risk associated with compromised emails, IP addresses exposed to the public and services exposed on the internet. Potential threats can affect production, transmission, local distribution and IT networks, four key elements of the energy system. ;There is a threat of unauthorized access to the network and to the SCADA systems with possible disruption of the power supply at different levels, the victims of which are both energy companies and end users.
Nowadays we are working a lot for solving the overproduction issue and therefore we are increasingly adding to the already consolidated energy infrastructures the new frontiers of storage and hydrogen plants, accumulation systems that require a high-level artificial intelligence of the systems that have to manage a huge amount of data to be analyzed and collected, in order to self-learn and better address the choices of operators. The companies that operate in the energy field seem very interested in the cyber security issue since they often manage plants by remote, therefore highly risk exposed. It must be considered that a not proper use of emails or company devices on the web can lead to access to reserved credentials exposing the companies to risks in terms of image and reputation damage. A greater awareness of the subject and of the risk is therefore very important. More than the digital factor, the main element of risk is the human factor. In this sense, there are still very few companies that carry out risk analysis activities in a systematic, proactive and predictive way and that allocate funding for cybersecurity.
The Phoenix project works in this direction developing tools able to challenge the cyber faults and crimes, increasing the awareness of all the involved actors.