Cybersecurity and ‘Green’ Markets: Energy & Construction:
The author will be writing a monthly article throughout 2019 on Cybersecurity across various market segments. Be sure to watch for it to see how your business may benefit from this important information. Good reading and see you next month.
The emphasis on cybersecurity across all market sectors is gaining steam. Two of those markets, renewable ‘green’ energy and ‘green’ construction, are at higher risk of cyber-attacks on their systems because the perception in both industries is that they are not active targets.
According to a recent Security Scorecard Report, the construction industry ranked third for security rating. Because it does not have as large of an IT footprint as other industries, construction is not considered to be a hot target for attackers. This does appear to be a temporary trend, however, as the focus of malicious attackers is expected to increase significantly due to the standardization of ‘smart’ and IoT (Internet of Things) devices such as water heaters, thermostats, and power systems. These new devices will create a bigger attack surface that previously did not exist. [1]
In the green energy field, there are two prominent drivers that create cyber risk. The first is connected elements; smart grids and smart meters. These are controlled by industrial control systems and supervisory control and data acquisition which increase the number of potential entry points into energy systems. The second driver is the unavoidable shift from centralized to distributed energy generation and the rise of generation sites; compounding the risk by producing more potential entry points for cyber-attacks. Interconnectedness between system components results in circumstances where a security breach at one point of the energy chain can put the entire system at risk. [2]
For both of these industries, cybersecurity is a growing necessity. Implementing a ‘security culture’ within companies is essential; training employees, updating firewall and antivirus software, implementing a mitigation plan that includes penetration testing and data partitioning, and obtaining insurance coverage. Regardless of what type of business you are in, it is time to take stock of your business’ cybersecurity health and begin to plan and implement a thoughtful cybersecurity strategy.
[1] K. Slowey, “How Construction Companies Can Improve Cybersecurity”, Construction Dive, August 2016
[2] W. Steel, “Heeding the Call for Cybersecurity in the Renewable Energy Sector’, Renewable Energy World, April 2017
A. Elisabeth Tolsdorf is author of this article and the Director of NIST SP 800-171 Compliance for Hawk Technologies, a woman-owned firm located in Houghton, Michigan. Hawk is the Upper Midwest’s primary source for NIST SP 800-171 Compliance services. Additional information about NIST SP 800-171 and Hawk’s CAD services capabilities can be found at www.hawktechinc.com.