May 11, 2021

Afraid of hackers? It’s time for energy to turn to AI.

Leane Clifton

With an estimated 38 billion new connections to the IoT this year alone, the threat to industry continues to grow. Machine learning and AI could future-proof energy ecosystems, says a new study by the Massachusetts Institute of Technology.

Energy transition during the Fourth Industrial Revolution means that digitalization across the energy ecosystem is creating a new model for the industry: Interactive, multi-directional and interconnected.

Smart infrastructure monitoring is now an essential part of the industry. Every facet is permeated with digital devices: operations, exploration and supply chains create billions of new connections – each of which can create a possible cyber vulnerability. With attacks increasing 2000% between 2018 and 2019, the sector’s losses from cyberattacks are nearly double those of other industries.

Energy companies have recognized the value of digital technologies in OT, but only 18% use AI for cybersecurity. In the recent study by the Massachusetts Institute of Technology (MIT), entitled “Transforming the energy industry with AI”, cybersecurity leaders in the industry were interviewed about the status of security for critical infrastructure in the energy sector.

Addressing the ever-growing number of connected devices, they noted that keeping up with security, particularly in a sector that uses infrastructure designed 30 or 40 years ago, is extremely difficult.

Strategic partnerships provide access to more experts that we can work with and build on each other’s strengths to enhance our security.

Chris Foster

Vice President of Information Services and CIO, TC Energy

The threat landscape

The MIT report suggests that cybersecurity solutions need to cover the full breadth of the operations portfolio, ranging from intermittently connected devices and legacy equipment to high-volume, unmanned assets.

Leo Simonovich, Vice President and Global Head, Industrial Cyber and Digital Security at Siemens Energy, explains that as older and remote equipment is brought online, “the gap between where the risk is, and the maintenance of those assets, is so huge that it makes companies easy prey for the hackers. It’s very easy to get in and cause real world consequences. Especially since smaller and medium size producers have not invested resources in cybersecurity at the same rate as larger companies.”

Collaboration gives us a better cybersecurity posture for our operations against the ever increasing threat landscape.

Dr. Reem F. Al Shammari

Chief Information Security Officer, Kuwait Oil Company

Covid, the accelerator

US Treasury Secretary Janet Yellen, speaking at the UN recently, warned of an “explosion of risk” from criminals using digital technologies, citing the Covid-19 pandemic as an accelerator of online crime.

Ransomware, malware, sleeper attacks and nation-state actors are all threats. A USB drive inserted into a digital control system on an older piece of equipment at a remote location can spread malware throughout an energy ecosystem. “The reason that matters is because an attack in the industrial space leads to costly shutdowns or worse, safety attacks,” says Simonovich.

We are in a race against the speed of the attackers. We can’t provide all the cybersecurity capabilities we need from inside. We work with different companies for different types of services, and all those companies bring valuable knowledge.

Javier García Quintela

Chief Information Security Officer, Repsol

Faster than the attackers

The MIT study recommends gaining visibility into operations to understand vulnerabilities, and implementing technologies that provide depth and scalability to get ahead of cyber threats. A strong defense must take advantage of AI and machine learning to establish future-proof protections that can accommodate changes in the cyber threat landscape.

Simonovich, who joined Siemens six years ago to create a cybersecurity division, agrees: “We need to be faster than the attackers, and the way to do this is to accelerate the adoption of protective technologies and take a risk based approach to it.”

As companies focus on new business models utilizing digital technologies throughout their ecosystems to optimize operations, ever-more sophisticated attacks will require the industry to respond with more focused cybersecurity methods, particularly for smaller companies, which are integral but vulnerable. The MIT report recommends partnering with AI experts to help mid-size and smaller companies ultimately stay secure.

We are putting a lot of emphasis on AI, machine learning, business analysis, and streamlining business workflows. Any AI technique we can use to improve our business’ bottom line, we’re exploring—on petrotechnical and other IT applications, including cyberdefense and analytics.

Edward Chiu

Chevron cybersecurity strategist

Zero-Day Detection

When Leo Simonovich joined Siemens Energy, industrial cybersecurity was in a nascent phase, with more questions than answers available. Equipment manufacturers were able to provide scalable security solutions for their new products, but how could one incorporate “brownfield” assets? For most energy companies, older equipment and remote assets are still part of their business equation and need to be retrofitted to join the digital control network.

The goals, according to Simonovich, were not just to secure the Siemens Energy solutions, but also to help customers along in their digital journey to secure their complete operating environment, and to scale emerging technologies like AI to widespread application.

Through a partnership with SparkCognition, a digitally native company specializing in AI and machine learning technologies, Simonovich’s division created a purpose-built offering for the energy sector, DeepArmor Industrial, fortified by Siemens Energy. The offering is scalable and can provide autonomous real-time protection on assets throughout an energy ecosystem against zero-day threats, which exploit bugs or access in software that developers are unaware of.

“DeepArmor provides a shield without compromising effectiveness and efficiency of the workflow. It’s tailored to that environment both so it recognizes what’s in the computer, what’s permitted, what’s not permitted,” explains Simonovich. “We tailor it to the individual asset but we enforce a common risk posture.” DeepArmor uses digital twin technology along with AI and machine learning algorithms to monitor equipment and compare that data to normally functioning assets to detect anomalies.

Cybersecurity is not only necessary for older assets, but for the energy transition as a whole as producers and distributors move to renewables and green fuels to meet net-zero decarbonization goals, creating complex networks of connection points.

The big picture

The recent SolarWinds attack exposed major weaknesses in current cybersecurity solutions, infecting nine government sectors and over 100 tech companies. The US Deputy National Security Advisor for Cybersecurity, Anne Neuberger, has called for public-private partnerships to build the cybersecurity needed to combat attacks of this level.

One such endeavor, the Center of Excellence, is the public/private partnership between New York Power Authority (NYPA) and Siemens Energy. NYPA supplies power to New York City and also the Hudson Valley – 53 utilities in the network. Simonovich says that such small and medium-sized utilities sometimes struggle with security. “Because we’re not hyper-connected, we have to make sure there is no weak link into the system. Visibility and context are key to monitoring and detection, but how can a company do this without in-house personnel?”

“The Managed Detection Response (MDR) solution centralizes all those things in our security operation center where we can monitor and enforce policies for those assets,” according to Simonovich. The solution employs proprietary detection technologies, along with DeepArmor capabilities, to gather and translate OT and IT data streams from all of a company’s assets so that MDR operators can monitor and enforce security policies for the entire system in real time. NYPA can see its entire system in context, with AI algorithms exposing anomalies and then either self-correcting or alerting an operator.

“There is no ‘go-it-alone’ strategy. Partnering will help companies fulfill the expertise gap and ultimately stay secure—especially these small and midsize oil and gas enterprises that are an integral, but vulnerable, part of the ecosystem,” is the conclusion of the MIT report. Industrial cybersecurity requires controls expertise, mechanical expertise, security expertise, network expertise and risk management.


Leane Clifton is a New York based journalist, with a focus on health and technology.

Combined picture and video credits: Siemens Energy, Getty images