Staying safe and smart

Siemens energy management division head of cyber security Volker Distelrath talks to Greg Pitcher about digital networks, data analytics and the importance of simulating cyber-attacks to stay safe.

Staying safe and smart

Q. How can smart power infrastructure help energy companies match supply to demand more efficiently?

A. There are a lot of changes happening in the industry with renewables coming onstream, increasing e-mobility, smart homes and consumers producing their own electricity. So there is a need to optimise supply based on demand. It has historically been easy to predict demand as consumers came home in the evening and turned on TVs and other appliances. This is changing and the supply side is also getting more complicated. If you want to optimise a network you need data from your supply, from your market and from external sources. To get that data you need to upgrade your infrastructure; you need to automate your infrastructure that informs you and makes moving energy around the network more flexible.


Q. How is Siemens helping power companies get more from digital technology, sensors and data?

A. There is a digital transformation underway, from the historic model with one-way flows from producer to consumer into one where energy moves in different directions. Siemens offers end-to-end solutions to address the challenges posed by this change; from the early-stage of consulting, to prototyping and design, implementation to operation and (digital) services. All of this with the purpose of keeping networks optimised and to offer new services to customers with the data collected. We are helping utilities to digitilise their infrastructure but also to use the new systems effectively for their particular circumstances. We consult with operators on their specific needs and offer them a roadmap for a digital transformation. Ultimately operators need automation in their networks if they are to effectively manage them. They also need to collect data and have connection to external market data. 


Q. What more could network operators do with data they are collecting? 

A. A key use of data is to offer new services for consumers but there are also possibilities to optimise networks and manage assets more effectively. If you discover a part might not last very long, you can plan to repair or replace it. You can plan investment and manage your assets and workforce better. In the end, data is a supporting element to maximise successful decision making. You can see why things go wrong to make sure you avoid repeat problems in the future. There are also opportunities to discover criminal activity – people looking to steal electricity or even assets from the operator. 


Q. What are the ultimate possibilities of digital power infrastructure?

A. Digital power infrastructure and the Internet of Things offer the opportunity for flexible services. Digitalising your network allows you to bring services to the market much more quickly. As well as getting more information back, you can change the way power moves around the network more quickly. As an operator you can get more from digital infrastructure this way – it allows you to offer customers more tailored ways to use or pay for energy. The closer you can get to the customer’s specific needs, the better for business.


Q. What technology is Siemens using/developing to get more value from the Internet of Things? 

A. Our MindSphere platform is a cloud-based, open Internet of Things operating system that carries out advanced analysis of data collected throughout multiple cross-functional silos. Another Siemens platform for transactional use-cases in the energy domain is Energy IP. It enables data to be processed very quickly from a huge range of assets and smart devices, aiding grid optimisation and asset management. Siemens also produces systems underneath these platforms, to collect the data they use. In the rapidly modernising energy market, you have to collect data and use it well. You also have to protect it. You must consider ownership of data (privacy) and make sure it is protected and used in a secure way, that’s of upmost importance for consumer and customer acceptance.


Q. What kind of cyber threats should power firms be concerned about?

A. The more connection there is across the network, the higher the risk of cyber attacks such as ransom ware or threats of sophisticated attacks. Manipulation of critical process data is one major concern in digital networks. The more you digitalise, the more important the integrity of the data is – you don’t want to work with the wrong information. If someone changes the tariff, this can harm the business financially but also it could lead to a surge in power demand or supply. This is one key threat. Other risks can be introduced indirectly by cyber-attacks to third party service providers such as e-mobility or smart homes that can lead for example to a burst of consumption at a scale that can affect the operations of an energy grid operator.


Q. What is your key advice to operators who are trying to keep their networks safe from cyber threats?

A. Our advice is to keep cyber security on top of the agenda – and these days operators generally do. They need senior manager buy-in and a strategy in place. Cyber security has to be addressed holistically: it has to include people, technology and processes. You must do a risk assessment following international standards: ISO IEC 27001 is a standard we recommend. Above all else remember there is no 100 per cent security; the risk is always there, however high you raise the bar, consequently you have to have organisational preparedness and disaster recovery plans in place – and to test them. You need to train regularly as though you are under attack.


Q. How valuable is data held by operators and in what ways are hackers targeting the smart grid?

A. First and foremost, data is very valuable to the power operators themselves. It is for their network operation, asset management, forecasting and so on. There might be internal data and also information from external sources, and they need to ensure integrity of the facts. It can also be valuable to consumers – if we are talking about credit card details for example – and to criminals or malicious forces. There have been a lot of attempts to get information using phishing emails and similar scams to get access to a network and its data. Hackers will target consumers and operators so you need clear policies in place for all staff handling data. Use the international standards. ISO IEC 27001 is one we recommend following.


Q. Are UK operators moving quickly enough to secure their networks and data?

A. I think they do a lot of work on security and keeping pace with the changes and threats. They also understand it’s not an issue that single organisations can tackle alone. In the UK there is the E3CC Cyber Security Task Group run with the support of the government. This is a forum for discussing and addressing topics and it represents the right approach because there is so much inter-connectivity and inter-dependency. I also think it’s a topic that goes beyond the UK. There is a strong connection with mainland Europe so there is the need to keep involved in associations such as ENTSO-E that are looking after cross-Europe network security and it is important that the UK remains part of this activity even after it may leave the EU. 


Q. What work is Siemens doing to help facilitate networks’ digital transformation of data?

A. Siemens helps customers implement cyber security in line with standards. We show customers we have the right processes in place and can support them with migration of infrastructure to meet digitalisation targets as well as cyber security targets. We create roadmaps to achieve both; they go hand in hand. We work as a trusted partner, consulting with the customer based on standards and their specific requirements. That is the best way to secure the investment for the future. 


Q. What work is Siemens doing to mitigate the risk of cyber-attacks?

A. Siemens has dedicated teams, processes, people and technologies for this purpose. As well as other methods of support and prevention, we have a central point of contact for customers to get a fast detailed response to any emergency security concerns. We also work with security companies; we are active in cross-industry forums; we attend conferences and connect with more than 200 security companies around the world to stay up to date. Siemens has initiated and signed the Charter of Trust pledging to work on 10 key measures to maximise cyber security. 


Login on register to comment

Login Register

Related content

Related supplier content