b'36 Partner News Autumn 2022CorporateDefending critical operational data from malicious cyber attacks By Jim Allen, Future Networks Strategy Manager, Capulanecessary integrity is crucial in operating critical energy infrastructure.The Americans have certainly upped their game since the Colonial Pipelines attack, where the Biden administration ordered critical infrastructure owners and operators to conduct cyber-security assessments. Those found non-compliant could face fines starting at $7,000 a day.The need for defenceThere are no such directives or fines imposed here in the United Kingdom, but the likelihood is that there soon will be, because if an attack on critical energy infrastructure can happen in the US, it undoubtedly could happen here. Indeed, Russias attack on Ukraine, which has included cyber-attacks on those actively supporting the war effort or seeking to join Cyber-attacks targeting critical energyWhile devastating, cyber-attacks, like theNATO, only serves to underline the urgency infrastructure, such as electricityUkrainian and Colonial Pipeline examples,to review our cyber-security measures.transmission and distribution systems, areare still relatively rare, but they are now becoming ever more prevalent and occurbecoming more prevalent and the impact ofWe believe that our critical UK energy when the attacker can maliciously penetrateeven a single incident could be catastrophicinfrastructure is currently more exposed to the Operational Technology (OT) network toto customers and the wider economy. cyber-attacks than ever before, and nuclear disrupt the physical operation of assets. power plants, offshore wind farms and Getting up to speed energy networks have OT vulnerabilities The examples are many, ranging from theWhat is clear from these and other attacks,that can be exploited. The danger of attacks on the Ukrainian power grids backsome of which have not been made public,cyber-attacks in the energy sector is real in 2010, the attacks on several Southernis that industry regulators and operators areand present, but we can put up a robust European power generation companiesbecoming aware that they no longer fullydefence if we make cyber-security an in 2020, and in 2021 the high-profileunderstand the security risks surroundingintegral part of critical OT systems and ransomware attack in the US againstour most critical infrastructure and their data integration.Colonial Pipeline disrupting gasolineOT environments.supplies to the whole of the East Coast. For further information, visit:OT can encompass a large variety ofhttps://capula.com/solutions/industrial-The attack vector is increasingly thetechnology, hardware and software wherecyber-securityoperational data itself, because whenthe common denominator is in extracting this can be manipulated by the hackervalue from OT-enabled operations data. DataOriginally published by Utility Weekthey can hide the true state of the assetis the link and interface between operatorson 4 May 2022.from the operator, leaving the attackerand decisions makers, and therefore ensuring undetected and free to cause damage.data is of high availability and has the'