The energy sector is today heavily influenced by the ongoing digitalisation. While linking information systems to physical processes brings more efficient management, it also brings serious security risks. In particular, the rapid adoption of cloud platforms is significantly increasing the scope for cyber threats and their interconnection with decentralised resources such as solar power plants, battery storage, heat pumps and others.
"For decentralised sources, especially in the residential sector, we see the biggest problem in the infrastructures through which remote access to the source is handled. In practice, sources are very often connected to the manufacturer's or some third party's servers through which they can be remotely controlled, updated or monitored - which, while practical, opens the door to attacks with the potential for mass impact. The end user or operator often has no idea who manages the servers, where they operate them from, and under what legislation the data and access is handled. At the same time, we see from independent tests that new vulnerabilities are found in remote access infrastructures every year," says Erika Langer, head of the Cybersecurity for Energy research team.
This year alone, over fifty have already been announced in the solar inverter sector. "As long as we had units of kilowatts of installed capacity in decentralised sources, this whole situation did not pose a big risk. But now we are talking about 380 GW of installed capacity in the European electricity grid in solar alone, of which at least 80 GW is in residential installations. And we will soon see similar problems in battery storage and wind farms," Langer continues.
"It is essential to take a systemic approach to security - not only to protect the devices themselves, but also to address how they are managed and connected to the wider infrastructure. As part of several initiatives, we are working to create a harmonised security standard for decentralised resources that should cover both the security of the resource itself, its integration into the local network and, of course, the entire architecture of the remote access solution. We believe that without setting up appropriate security measures, we will soon reach a situation where we will largely build our modern energy sector on sources that are remotely influenced by entities over which we have no legal supervision and which are unable to guarantee sufficient security," adds Erika Langerová.
UCEEB focuses on energy efficient buildings from different perspectives and now also on cybersecurity for the energy sector. The new team aims to strengthen the security and resilience of modern energy infrastructure through standardisation, education and applied research. The team members bring with them experience from long-term collaboration with many domestic and international partners and will continue to link academic knowledge with applied research and put it into practice. The team has a strong interdisciplinary overlap, enabling them to actively contribute to the process of safe digitalisation of the energy sector
"Our University Centre connects science with the commercial and public sectors to deliver innovative solutions for a sustainable future in building, energy and environmental technologies. We are committed to reducing energy consumption and using resources efficiently. But safety must not be left out of the picture. This is exactly what the newly established Cybersecurity for Energy team deals with," says Robert Jára, Director of UCEEB CTU.