However, in recent years a new and potentially more insidious threat category has come to the fore: cyber security. While cyber attacks are not new, the core operations of energy companies have been relatively well insulated from them as they were not connected to the internet. However, as energy companies turn to IoT meet growing demands for power, evermore parts of their operations are being connected, creating new vulnerabilities and risks.

Today’s cyber threats are persistent, well organised and constantly evolving. Considering the energy sector underpins the operation of every country’s society and economy; these organisations are prime targets for malicious hackers who may be looking to exploit and bring down an industry that billions of people depend on. The effects of a breach or service disruption could have disastrous consequences, potentially leaving entire regions without power. This is no idle concern – consider the Ukrainian power grid cyber-attack of December 2015, where hackers successfully left 230,000 citizens in the dark by compromising information systems of three energy distribution systems.

Moreover, motivations might not be confined to those looking to cause havoc for citizens – there is also the potential for cyber-attackers to use connected devices for corporate espionage purposes, gaining access to confidential data and utilising it for competitive advantage, blackmail, or any other nefarious purpose.

Consequently, for energy companies to thrive amidst these increasing concerns, IoT security must remain at the top of the agenda for any company that’s looking to exploit this technology. But whereas traditional risk management models have their origins focused on data flowing through systems that they own, the growing use of internet connectivity is leading to the erosion of the traditional enterprise perimeter, as more data flows outside of an organisation’s immediate defensive layer. This presents hackers with a larger surface area to try and compromise.

Positively, our research discovered that many energy companies are well aware of the security challenges that accompany IoT deployments, with over half (53 per cent) of organisations stating that that they will need to rethink their approach to data security and make heavy investments to meet IoT security requirements.

Which statement best describes your view of data security and IoT? (%)

IoT creates no new security challenges for us and our existing approaches to data security are adequate
IoT will mean that we need to evolve our data security measures but this will not involve significant resource investments
We will need to rethink our approach to data security and make heavy investments to meet IoT security requirements

However, within such a sensitive environment, successful IoT deployments will be largely dependent on board level support and understanding.

59%

of respondents believe that their organisations could be doing more for security

Business leaders must be adept in IoT and the security requirements that accompany this technology. This knowledge must then run through the entire organisation.

Our research uncovered that 59 per cent of respondents believe that their organisation could be doing more in terms of their security practices. Additionally, 22 per cent believe that the board does not understand IoT. Without a solid understanding of IoT it’s almost impossible to enforce the appropriate security measures. This highlights that there are still strides to be made if energy suppliers who wish to adequately insulate themselves from the growing risks in today’s cyber environment.

In your opinion, how well do you think IoT is understood at the board level of your organisation? (%)

13% It is fully understood
28% It is mostly undertstood
37% It is only partially understood
22% It is not understood at all

The need to understand the associated risks that come with increased interconnectivity of devices is paramount.

Our research suggests a clear gap in the board’s understanding of IoT and this needs to be quickly addressed in order to effectively counter security threats. As is the case with any technology, nothing is static, energy companies will therefore need to continuously learn and evolve through a recurrent cycle of improvement to ensure security risks are constantly mitigated.

Organisations must remain alert and diligent; this might involve monitoring networks more closely and ensuring the right questions are asked to ensure IoT connections are secure: How much data is being gathered? Who has access to this information? Where is it being stored?

Press enter or esc to cancel