Information about science based innovations, solid facts to support decision-making, performance and business development for VTT’s partners, customers and anyone interested in high technology and its applications.
A magazine on science, technology and business

​​​​

The energy sector is jointly preparing for cyber threats

Text: Marja Saarikko | Photos: Timo Porthan and the Emergency Supply Agency | 7.6.2018

The National Emergency Supply Agency, Finnish Communications Regulatory Authority (FICORA) and a group of energy companies have jointly launched the KYBER-ENE project, to improve cyber-caution as digitalisation changes the world.

A high level of cyber caution is required in the production and distribution of energy, as these are critical infrastructure. Although Finnish energy companies have traditionally been well prepared, there is still a need for development, particularly now that digitalisation is changing the world.

Fingrid's Security Manager Jyrki Pennanen points out that cyber threats have become increasingly serious in the energy sector. For example, a group of advanced hackers attacked power plants in Ukraine in 2015 and 2016, leaving over 250,000 people without electricity.

– On the other hand, the latest threats include the harnessing of access control systems to extract cyber currencies, which is incredible in itself, he says.

As digitalisation advances, companies are introducing new IoT devices, which is increasing security risks. For example, Pennanen points out that Fingrid has begun piloting IoT-based microphones, which listen to components and detect faults on the basis of their sounds, in a certain substation.

–This is an excellent project in itself, which serves our business, but it creates a new dimension in security, says Pennanen.

As a transmission system operator, Fingrid is well prepared for cyber threats, with five persons working in the area of information security. Many small energy operators, on the other hand, have only one person combatting cyberthreats, as well as performing the company's other IT tasks.

– That is why KYBER-ENE involves seeking good cybersecurity for companies of all levels, in addition to the research, he sums up.

Jyrki Pennanen-5723.jpgJyrki Pennanen.

Taking collaboratio​​n to a new level

For Business Continuity Manager Kalle Luukkainen, the main objective of the project is to raise awareness of and develop expertise on the cyber threats facing the energy sector. The project was begun by organising confidential cyber-security workshops for energy companies.

 – What's new is that energy players have become so actively involved in promoting cyber safety, supported by the National Emergency Supply Agency and the N​ational Cyber Security Centre Finland, Luukkainen says.

He explains that these workshops have focused on the development of competencies, mapping the cybersecurity situation within the production network, and securing remote connections for users and during emergencies.

– Although the project is still at an early stage, it has been progressing well. The right things have been done in the workshops, and those involved have been very active. Cooperation with companies is not new, but it has now risen to a new level of activity.

He points out that, because the project is short, it is only intended to launch cooperation and its continuation is being planned.

– Preparation for cyber threats should be viewed as a kind of continuum, i.e. we need to maintain the good cooperation we have achieved.

Kalle_05.jpgKalle Luukkainen.​

The bar must be kept high

One of KYBER-ENE's sources of background information is a situational snapshot of the Finnish energy sector's readiness to counter cyber threats, which was created in 2015 by the Power Supply Pool of the National Emergency Supply Organisation.

According to Petri Nieminen, Senior Advisor, Power Systems at the National Emergency Supply Agency, the report shows that much remains to be done in both large and small companies.

– All companies should now raise the bar. It was once enough if the firewall was okay, but firewalls don't hold anything back anymore. As part of critical infrastructure, the energy sector is an ideal target for attacks, and we need to prepare for the threats together, he says.

Although two years have elapsed since the report, Nieminen explains that cyber threats have become more serious since then and cyber security has become increasingly important.

– Although no major national security problems have occurred in Finland, we should consider whether an attack like that on Ukraine would be possible here.

He regards mutual peer support among companies as important to combating the cyber threat. 

– Consultants and the authorities can certainly provide companies with support, but the message really gets through if another company is doing the talking.

Petri_012_scarp.jpgPetri Nieminen.

New cyber-threat management model

Pasi Ahonen, Coordinator of the KYBERENE project and a Principal Scientist at VTT, explains that a cyber threat management model was developed in the workshops, which should be duplicated in regional workshops and could be introduced more widely.



– It would be important for the energy sector to create a model for the systematic and rapid development of cybersecurity in the private sector. Good progress was made in developing cyber security at the Kuopio and Mikkeli workshops in particular, because the executives were motivated.

Incidents such as the attack on Ukraine were discussed in the workshops, where we pondered whether the same could happen in Finland. In this way, the participants were given a tangible demonstration of exactly how energy companies can be attacked.

 According to Ahonen, preparedness for cyber attacks is about more than just IT resources.

– A large number of IT staff is not sufficient to improve the level of preparedness; the key issue is integrating preparedness in all activities. The entire organisation must understand cyber-safe practices.​​


KYBER-ENE is part of the National Emergency Supply Agency's KYBER 2020 programme

The KYBER-ENE project involves improving the cybersecurity of critical infrastructure in society. The aim is to improve preparedness among energy companies. VTT is coordinating the project, whose first phase began in November 2017 and ended in April 2018. 

The project steering group include energy companies such as Fingrid, Kuopion Energia, Suur-Savon Sähkö, Helen and Neste. In addition, the National Emergency Supply Agency and National Cyber Security Centre are on the project steering group. 

The KYBER 2020 programme was preceded by the KYBER-TEO project, in which VTT and industry players developed and tested services that ensure industrial cybersecurity.​


 

 

VTT Impulsehttps://www.vttresearch.com/ImpulseVTT Impulse
Impulse 1/2018https://www.vttresearch.com/Impulse/Pages/Impulse-1-2018.aspxImpulse 1/2018
The creative force of change managementhttps://www.vttresearch.com/Impulse/Pages/The-creative-force-of-change-management.aspxThe creative force of change management
A birthday gift from us to ourselveshttps://www.vttresearch.com/Impulse/Pages/A-birthday-gift-from-us-to-ourselves.aspxA birthday gift from us to ourselves
At the digital forefront of mininghttps://www.vttresearch.com/Impulse/Pages/At-the-digital-forefront-of-mining.aspxAt the digital forefront of mining
Before information gets lost in numbershttps://www.vttresearch.com/Impulse/Pages/Before-information-gets-lost-in-numbers.aspxBefore information gets lost in numbers
Challenges conceal opportunitieshttps://www.vttresearch.com/Impulse/Pages/Challenges-conceal-opportunities.aspxChallenges conceal opportunities
Cleaner city traffic with wood-based dieselhttps://www.vttresearch.com/Impulse/Pages/Cleaner-city-traffic-with-wood-based-diesel.aspxCleaner city traffic with wood-based diesel
Comfy but energy efficient homeshttps://www.vttresearch.com/Impulse/Pages/Comfy-but-energy-efficient-homes.aspxComfy but energy efficient homes
Cyber security requires more than just technological competenceshttps://www.vttresearch.com/Impulse/Pages/Cyber-security-requires-more-than-just-technological-competences.aspxCyber security requires more than just technological competences
Designers needed in printed technologyhttps://www.vttresearch.com/Impulse/Pages/Designers-needed-in-printed-technology.aspxDesigners needed in printed technology
Health benefits and efficiency without sacrificing food qualityhttps://www.vttresearch.com/Impulse/Pages/Health-benefits-and-efficiency-without-sacrificing-food-quality.aspxHealth benefits and efficiency without sacrificing food quality
How to become a leading country in flexible energy production systemshttps://www.vttresearch.com/Impulse/Pages/How-to-become-a-leading-country-in-flexible-energy-production-systems.aspxHow to become a leading country in flexible energy production systems
Impulse 1/2016https://www.vttresearch.com/Impulse/Pages/Impulse-1-2016.aspxImpulse 1/2016
Intelligence for machineshttps://www.vttresearch.com/Impulse/Pages/Intelligence-for-machines.aspxIntelligence for machines
VTT Impulsehttps://www.vttresearch.com/Impulse/Pages/MainPage.aspxVTT Impulse
Petri Kalliokoski: Artificial intelligence moves from words to deedshttps://www.vttresearch.com/Impulse/Pages/Petri-Kalliokoski-Artificial-intelligence-moves-from-words-to-deeds.aspxPetri Kalliokoski: Artificial intelligence moves from words to deeds
Risk management in an increasingly complex worldhttps://www.vttresearch.com/Impulse/Pages/Risk-management-in-an-increasingly-complex-world.aspxRisk management in an increasingly complex world
Same old routine for the next 100 yearshttps://www.vttresearch.com/Impulse/Pages/Same-old-routine-for-the-next-100-years.aspxSame old routine for the next 100 years
We must maintain Finland as an attractive target for investmenthttps://www.vttresearch.com/Impulse/Pages/We-must-maintain-Finland-as-an-attractive-target-for-investment.aspxWe must maintain Finland as an attractive target for investment
What's going on in Australia?https://www.vttresearch.com/Impulse/Pages/Whats-going-on-in-Australia.aspxWhat's going on in Australia?
World in 2030 - answers to tomorrow’s questionshttps://www.vttresearch.com/Impulse/Pages/World-in-2030-answers-to-tomorrows-questions.aspxWorld in 2030 - answers to tomorrow’s questions
Impulse 2/2017https://www.vttresearch.com/Impulse/Pages/Impulse-2-2017.aspxImpulse 2/2017
Finland on its way towards low-carbon year 2050https://www.vttresearch.com/Impulse/Pages/Finland-on-its-way-towards-low-carbon-year-2050.aspxFinland on its way towards low-carbon year 2050
Jari Gustafsson: Old and new workhorses as recession beatershttps://www.vttresearch.com/Impulse/Pages/Old-and-new-workhorses-as-recession-beaters.aspxJari Gustafsson: Old and new workhorses as recession beaters
Maintenance support for astronautshttps://www.vttresearch.com/Impulse/Pages/Maintenance-support-for-astronauts.aspxMaintenance support for astronauts
The story of Finlandhttps://www.vttresearch.com/Impulse/Pages/The-story-of-Finland.aspxThe story of Finland
A better world based on positive energyhttps://www.vttresearch.com/Impulse/Pages/A-better-world-based-on-positive-energy.aspxA better world based on positive energy
Food in transitionhttps://www.vttresearch.com/Impulse/Pages/Food-in-transition.aspxFood in transition
Industrial cyber security improves through cooperationhttps://www.vttresearch.com/Impulse/Pages/Industrial-cyber-security-improves-through-cooperation.aspxIndustrial cyber security improves through cooperation
Converting rags to design clotheshttps://www.vttresearch.com/Impulse/Pages/Converting-rags-to-design-clothes.aspxConverting rags to design clothes
The creators of the future get down to businesshttps://www.vttresearch.com/Impulse/Pages/The-creators-of-the-future-get-down-to-business.aspxThe creators of the future get down to business
Defence Forces seek a head starthttps://www.vttresearch.com/Impulse/Pages/Defence-Forces-seek-a-head-start.aspxDefence Forces seek a head start
Plasma treatment spurs material developmenthttps://www.vttresearch.com/Impulse/Pages/Plasma-treatment-spurs-material-development.aspxPlasma treatment spurs material development
Senior Scientist Jukka Hemila, VTT: From technology hype to customer understandinghttps://www.vttresearch.com/Impulse/Pages/Senior-Scientist-Jukka-Hemila-VTT-From-technology-hype-to-customer-understanding.aspxSenior Scientist Jukka Hemila, VTT: From technology hype to customer understanding
More than siliconhttps://www.vttresearch.com/Impulse/Pages/More-than-just-Silicon.aspxMore than silicon
The future 5G network proceeds to test phase in Ouluhttps://www.vttresearch.com/Impulse/Pages/The-future-5G-network-proceeds-to-test-phase-in-Oulu.aspxThe future 5G network proceeds to test phase in Oulu
Clearing the way for new materials with ChemSheet technologyhttps://www.vttresearch.com/Impulse/Pages/Clearing-the-way-for-new-materials-with-ChemSheet-technology.aspxClearing the way for new materials with ChemSheet technology
A man driven by optimism and curiosityhttps://www.vttresearch.com/Impulse/Pages/A-man-driven-by-optimism-and-curiosity.aspxA man driven by optimism and curiosity
Developers of the futurehttps://www.vttresearch.com/Impulse/Pages/Developers-of-the-future.aspxDevelopers of the future
LEO brings intelligence to cylindershttps://www.vttresearch.com/Impulse/Pages/LEO-brings-intelligence-to-cylinders.aspxLEO brings intelligence to cylinders
The rise of robotic carshttps://www.vttresearch.com/Impulse/Pages/The-rise-of-robotic-cars.aspxThe rise of robotic cars
Minister of Energy would like to expand emissions tradinghttps://www.vttresearch.com/Impulse/Pages/Minister-of-Energy-would-like-to-expand-emissions-trading.aspxMinister of Energy would like to expand emissions trading
Are environmental claims believable?https://www.vttresearch.com/Impulse/Pages/Are-environmental-claims-believable.aspxAre environmental claims believable?
Tua Huomo: Energy production and use – smart choices have an impacthttps://www.vttresearch.com/Impulse/Pages/Energy-production-and-use–smart-choices-an-impact.aspxTua Huomo: Energy production and use – smart choices have an impact
Open-source infrastructure in product development for the electromechanical industryhttps://www.vttresearch.com/Impulse/Pages/Open-source-infrastructure-in-product-development-for-the-electromechanical-industry.aspxOpen-source infrastructure in product development for the electromechanical industry
Sensor of tomorrowhttps://www.vttresearch.com/Impulse/Pages/Sensor-of-tomorrow.aspxSensor of tomorrow
The new agenda enhances the use of research infrastructurehttps://www.vttresearch.com/Impulse/Pages/The-new-agenda-enhances-the-use-of-research-infrastructure.aspxThe new agenda enhances the use of research infrastructure
Impulse 2/2014https://www.vttresearch.com/Impulse/Pages/Impulse-2-2014.aspxImpulse 2/2014
Impulse 2/2015https://www.vttresearch.com/Impulse/Pages/Impulse-2-2015.aspxImpulse 2/2015