Legacy power and distribution grids can no longer cope with multiple types of energy producers and consumers, making them vulnerable in the short term as they are transformed, according to Maher Jadallah, regional director, the Middle East, Tenable
Without intervention, the Middle East is fast heading towards disruption to energy production and distribution systems. To address this, the emphasis on long term sustainability, investments into the generation of solar and wind power are already visible in GCC countries including UAE, Saudi Arabia and Oman.
According to the Energy and Utilities Market Outlook Report 2020, MENA smart grids sector has witnessed significant investment and is expected to reach US$20bn over the next seven years.
While grid system modernisation is critical to manage the disruption taking place in energy production, distribution and consumption, it is o opening up the front door of those control systems to malicious threat actors. Grid-based industrial cyberthreats present risks to safety, reliability and business continuity.
?With cybercriminals typically looking to target low hanging fruit to gain entry, it is inevitable that we will continue to see attacks aimed at the perceived least defended infrastructure. This might include a smaller substation or transfer location rather than the core of any one grid,? Jadallah explained.
According to Jadallah, four trends and what can be done to counteract them include:
Industrial to IT attacks will become reality: It is highly probable that threat actors will look to compromise less defended industrial environments to traverse into IT data repositories ? for example customer databases.
Shared responsibility for security: Energy organisations must recognise that security is a shared responsibility between industrial and IT teams. In a number of industrial markets, there has been a move for IT teams to take ownership for industrial security given their experience defending networks.
Boundaries between systems dissolving: Whether or not systems are perceived to be air gapped, industrial attacks present a real and present danger. The mantra of set it and forget it is no longer the way to administer industrial environments.
Industrial and IT skills gap: It?s recognised that there is a global shortage of skilled security professionals. Organisations should conduct a rigorous skills assessment of both their industrial and security teams and begin cross-training programs targeted to address each of the gaps.
