Industry, utilities and critical infrastructure facilities like the ones in the energy sector rely heavily on electrical, mechanical, hydraulic pneumatic equipment. These are monitored by sensors and remotely managed by technicians using specialized computers and software. Industrial processes are controlled safely from kilometers away and all critical parameters are displayed in real time on Control Room screens.
ENEVO Group is a Romanian company specialized in designing and commissioning SCADA (Supervisory Control and Data Acquisition) and ICS (Industrial Control System) solutions. It has implemented Dispatch centers for power plants, designed control solutions for hundreds of MW in hydro, solar and wind generation and it is involved in highly complex projects for medium and high voltage substation automation and protection systems in Romania and the Middle East.
We know first-hand that this type of solutions makes every process more efficient, reliable and safe. But we are also aware that in recent years they have become the target of highly specialized cyber-attacks. When successful, these attacks cause millions of euros of damages, long term loss of essential services and can even lead to loss of life. It’s no wonder most nations now consider cyberspace a distinct battlefield, along the classics: earth, air and sea. This is the reason why we design our solutions according to the most recent best practices in cybersecurity, even if many of our clients overlook such requirements as they initially don’t grasp why they’re necessary.
We know that people responsible for keeping industrial facilities working may not be as aware of cyber threats as people from, for example, banking services, who have dealt with their damages for many years. Technological latency in a sector like energy, where the average equipment costs many millions of euros and has a life span of tens of years, is understandable. But such a latency becomes a critical vulnerability in a world where hackers are no longer just skilled misfits happy to break into NASA’s servers or techno-thieves targeting ATMs and bank accounts, but states or state sponsored groups with unlimited resources and malicious intent. When the first substation will be disconnected by a compromised control system, it will be too late to realize the importance of appropriate safety measures.
How do we defend against such threats? On the short term, by taking them seriously and by using already available technology to discourage the basic and medium level ones. On the long term, with more modern regulations for industrial communication systems and by expanding the industry skill set, in order to mitigate the hardest of attacks, when they will happen. When, not if.