Cyber Security in the Power and Utilities Space
Benjamin Beberness is the Senior Vice-President for the Industry Business Units (IBUs) at AspenTech with responsibility for assuring that AspenTech’s portfolio of solutions, services and partnerships deliver the highest value for the customers in asset intensive industries. The IBU team showcases AspenTech solutions and consults customers on realising the business value generated by the AspenTech portfolio.
Benjamin joined AspenTech in 2023. Prior to AspenTech, Benjamin led the oil, gas, and energy IBU at SAP. Prior to SAP, Benjamin held the role as the CIO of Snohomish County PUD where he was responsible for all IT/IoT strategy, operations, and cyber security. Before Snohomish, he held the position as Director of Delivery Services for Berkshire Hathaway Energy in Portland, Oregon.
He has extensive experience managing a broad range of technology, security and compliance issues including 25 years in large scale management roles. His background also includes work for Williams Gas Pipeline in Houston, Texas, and the Deloitte and Touché Consulting Group / DRT Systems. Benjamin also serves on several company boards and is currently on the Board of Stonebridge Consulting.
Benjamin sat down with Cyber Magazine to discuss how cyber threats are impacting the energy space.
What do you see as the top three cyber security challenges facing customers in the power and utilities space?
Power and utilities companies are increasingly challenged by the growing complexity of their IT and operational technology environments. The integration of new internet-connected components across the grid has exponentially expanded potential attack surfaces that must be secured.
Maintaining compliance with an ever-changing regulatory landscape also consumes significant time and resources for many. While regulations establish a minimum standard, they do not guarantee protection and can foster a false sense of security.
A further challenge customers face is the constant emergence of new and more sophisticated cyber threats from both criminals and nation-state actors. The underground market for cyber weapons allows even less skilled attackers to easily acquire tools originally developed for major breaches. To truly safeguard their critical infrastructure, utilities must address complexity, avoid complacency, and continually advance their defences against the evolving threat landscape.
How do you expect the key cybersecurity challenges facing power and utilities companies to evolve over the course of the next five years?
Over the next five years, the key cybersecurity challenges facing the power and utilities sector will significantly intensify. Regulatory requirements are likely to further mature in order to keep pace with emerging risks, though compliance alone will remain insufficient. Geopolitical tensions may drive additional state-sponsored cyber-attacks on critical infrastructure. Meanwhile, exponential gains in computing power will continue to rapidly accelerate the rate at which new threats can be developed through technologies like AI.
As electrification and decarbonisation efforts require modernising ageing grid systems, connectivity of operational devices will surge, expanding potential vulnerabilities. Utilities must proactively manage the attack surface through secure design, while readying robust and agile response capabilities. A risk-based approach to cybersecurity investment will grow in importance as the consequences of even minor disruptions escalate in our increasingly digital and interdependent world.
How big an issue is cyber-security for the power and utilities sector? Are we seeing it rise up the priority list?
Cybersecurity has rapidly emerged as a top priority issue for the power and utilities industries in recent years. Traditionally, many utilities have been reluctant to publicly discuss cyber risks, viewing security practices as a competitive advantage best kept secret.
However, taking a closed approach can backfire by leaving organisations on the defensive when incidents do occur as they will have to then communicate what and why they followed a particular cyber practice. The rising complexity of grid systems combined with increasingly sophisticated nation-state threats have underscored that cyber-attacks pose a major strategic risk.
A proactive strategy of transparency about defensive efforts is needed to engender public trust while informing continuous improvement. Regulators have responded by elevating cybersecurity standards, reflecting its mission critical nature. Going forward, utilities must acknowledge cybersecurity as a leadership issue demanding diligent C-suite oversight and investment commensurate with the growing risks of our digital age.
Are organisations across the power and utilities sector investing enough in cybersecurity today? What areas should they be investing in and what more could they be doing?
Most utilities and power companies have yet to invest sufficiently in cybersecurity commensurate with the risks. While larger businesses have made strides, smaller operators with potentially large impacts may have the expertise and may not be allocating resources according to their true exposure.
All organisations should conduct thorough risk assessments to strategically prioritise the fortification of critical assets. Mere defence of existing systems falls short, especially as grid architecture evolves. Cybersecurity must be woven into new technologies from their inception. While prevention remains crucial, utilities should simulate white-hat attack scenarios to test incident response plans and explore innovative models like cloud-based backup control centres. Above all, a robust security culture demands ongoing board-level vigilance and widespread adoption of best practices throughout the supply chain.
**************
Make sure you check out the latest industry news and insights at Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024
**************
Cyber Magazine is a BizClik brand
*************
