Cyberwatch Finland magazine 2/2021

Page 35

Your power hangs by a bit

// Julia Vainio

For modern societies, a steady flow of electricity is essential. The infrastructure that upholds the entire electricity supply chain, from production to distribution, is considered critical infrastructure, and it is regulated closely. As the technology used to maintain the system develops, it provides more surface layers for both kinetic and non-kinetic attacks. Disrupting this supply chain would have cascading effects across society.

In the past, security discussions around electricity systems have mainly focused on physical incidents in electricity networks and cyber incidents in information technology (IT) systems. Today’s electricity systems consist of integrated energy and communication networks, thus requiring an integrated view on physical and cyber requirements. The entire supply chain for electricity includes a variety of companies that organise the production, trading, marketing, transmission, and supply of electricity. Increased cross-border integration of markets, the digitalisation of operations, legacy systems, and the real-time system impact with minimum disturbance requirements will place a significant burden on securing the sector from cyber threats.

Cyber threats against individual power plants and electricity grids are well known and documented. There are several regulatory contexts in the EU and the US in which cyber security risk mitigation frameworks and compliance measures are introduced and addressed. Of these, the EU’s Network and Information Systems Directive (NIS Directive) from 2016 is one of the most prominent sets of rules. The NIS Directive is currently undergoing a revision, with a proposed directive hopefully being implemented in the coming months.

Even as electricity grids and networks have been established as critical infrastructure and vulnerable to cyber attacks, the market aspect of the formula is often left unaccounted for. Risk analyses and cyber threat reports draw our attention to cyber risks related to Supervisory Control and Data Acquisition (SCADA) systems of individual power plants, or DDoS attacks on the physical grid and utilities. Those institutions and establishments that deal with the business side of balancing the supply and demand of electricity often remain outside the scope of interest. It is somewhat as if a risk analyst described in great detail the cyber risks related to individual public companies and their supply chains, and failed to mention the possible repercussions of Nasdaq being hit by a debilitating cyber attack.

HOW IS POWER TRADED?

A power exchange is essentially a trading platform that aims to satisfy the supply and demand for electricity in a market-efficient manner. In the European Union’s internal energy market, Nominated Electricity Market Operators (NEMOs) act as market operators in national or regional markets.
