By now, most people in the energy industry realise that cyber security for critical infrastructure is paramount – those who are ENCS members certainly do! However, it’s not enough to know that security is important: decision makers need to know what to do about it.

That’s why we’re launching a new video series on the ENCS members portal designed to supplement our existing vulnerability research. Each video will see an ENCS expert unpick a particular vulnerability in clear language, along with what it might mean for our members – owners and operators of Europe’s critical energy infrastructure.

Two videos are live already. The first concerns availability attacks – such as denial of service (DoS) attacks – on a protection relay. Whereas a DoS attack in the IT domain might, for example, leave you frustrated at being unable to access your email account, when the ‘service’ rendered is protection of power assets and safeguarding safety, it is much more dangerous.

The second looks at vulnerabilities in the authentication interface for electric vehicle (EV) charging points and how to protect against issues such as identity theft. This will later be bolstered by an upcoming video in the series looking at charging device security more generally.

The series aims to help members understand the impact of vulnerabilities for critical infrastructure. Crucially, this involves a completely different approach to security than the traditional measures seen in the IT sector.

It’s common knowledge that security in the IT sector follows a CIA model – meaning confidentiality is the most important factor of all, followed by integrity then access. It makes sense: if someone locks you out of your email account or Facebook it’s annoying, but nowhere near as frightening as if they got hold of your personal data and sold it on to fraudsters. Confidentiality is king.

For the operational technology (OT) world though, in particular for critical infrastructure, the reverse is true. A hacker gaining access to critical assets is far more worrying than any breach of confidentiality. What’s more, given these are potentially dangerous assets if misused, there is an additional safety concern. The model is therefore SAIC – safety, availability, integrity, confidentiality.

The cyber security approach many professionals are used to is turned on its head – and that takes some adjustment. We hope that our new video series helps our members better understand some of the vulnerabilities out there and take a proactive approach to addressing them.

The new video series is available on the ENCS member portal – an online portal for ENCS members that gives access to a wide variety of cyber security information and resources. If you are a member and have a particular topic you’d like to see addressed in a future video – please do let us know!