Protecting Data While Improving Operations - Securing Cloud-Based Applications

Utilities don’t need to fear the cloud. 

As we explored in our previous article, cloud-based applications offer numerous advantages over traditional, on-premises IT infrastructure in the form of lower upfront costs, greater scalability, and fewer ongoing maintenance requirements. 

But to ensure a successful cloud strategy, utilities must design effective security policies and architectures. When deploying Industrial Internet of Things (IIoT) solutions such as remote monitoring sensors, there are some important measures that utilities should take to safeguard data and mitigate the risk of security breaches. 

This article is part of a series on utility cloud strategy and security. To learn more, read our white paper originally published on Electric Energy Online: Don’t Fear the Cloud: Developing Cloud Security Policies for Remote Monitoring. Registration is required.

Addressing Security Risks and Assessing the Level of Threat

Security is a valid concern when deciding to move to a cloud-based application. Regulated standards enforce the cybersecurity defenses that utilities must implement to keep their networks protected, and internal security policies may go further. 

As critical infrastructure, ensuring the safe and reliable flow of power to customers is vital. But cybersecurity fears do not have to prevent utilities from embracing technology and improving operations through the cloud.

When assessing cloud-based applications, consider the type of data that will be collected, transmitted, and stored. Thermal and visual sensors, for example, collect relatively low-risk data that is not very useful to malicious actors in case of a breach. Thermal data cannot be used to disrupt the flow of electricity, while a visual feed of a substation is unlikely to be of more value to hackers than what already exists online from satellite and street view cameras.

Effective security policies should keep IIoT sensors segregated from critical assets and limit access to authorized and authenticated users. Further, encryption at each stage of the communication process means that data won’t be usable by hackers even if they gain access to it. 

Overall, while cybersecurity must be taken seriously, utilities can still deploy networked, cloud-based applications to improve operations and maintenance without significantly increasing risk. 

Transport Layer Security Encryption

Though the thermal and visual data collected and transmitted from remote monitoring sensors may not be particularly high risk, utilities must take steps to reduce the chance that it falls into the hands of hackers and other malicious actors.

Transport Layer Security (TLS) encryption ensures data cannot be intercepted and viewed by hackers, while authentication at every step in the communication process allows only authorized users to gain access. 

Because of their size and capabilities, many cloud providers also offer two-factor identification and other security tools as part of their platform, providing utilities with a range of approaches to protecting their data without having to have the internal IT team build these features. 

Once stored in the cloud, data should be encrypted using the Advanced Encryption Standard, which is also used in other sensitive industries such as healthcare, government, and finance. 

Segregation From Critical Assets

When deploying remote monitoring solutions, utilities should ensure that the IIoT sensors have no electrical or physical connections that may disrupt the operation of critical equipment. 

Sensors should be connected to a network separate from the Critical Asset communication network. In some cases, utilities may decide to set up a dedicated internal network, but it is often better to leverage existing cellular communication infrastructure when available. 

This eliminates the risk of infiltration through the IIoT network connection and protects assets critical to the flow of power. 

Ongoing User Training

Many attacks on utilities come in the form of phishing emails, malware-laden attachments, or infected links. While this may sound low-tech, these behavioral attacks have become increasingly sophisticated and can be extremely effective if employees are not vigilant and aware of what to look out for. 

Frequent user training helps employees recognize potential security threats, identify suspicious emails, links, or files, and avoid clicking on something that could infiltrate the system. 

Leveraging Cloud-Based Applications for Better Operations

Cloud-based applications such as thermal & visual sensors for remote monitoring allow utilities to improve operations while lowering the cost of maintenance. 

With continuous remote monitoring, utilities can transition away from expensive truck rolls and physical inspections and move toward a Condition-Based Maintenance strategy. By using the cloud, data from multiple sensors and site locations can be combined into a single, accessible dashboard, providing operators with a complete view of high-value substation assets and reducing the time and effort required to maintain the flow of power.

Energy 4.0 technologies, including the cloud, the Industrial Internet of Things, data & analytics, and artificial intelligence & machine learning, will allow utilities to be better prepared to adapt to an increasingly complex and competitive environment in the years ahead.

To learn more about the benefits of cloud-based applications and utility cloud strategy and security, read our white paper (registration is required). It was originally published on EE Online: Don’t Fear the Cloud: Developing Cloud Security Policies for Remote Monitoring.