Attacks on critical infrastructures, such as power grids and energy distribution networks, always have devastating results, and increasing digital transformation in these fields might play a big role.
With the world moving towards sustainable energy sourcing and usage, digitization in the electricity sector is also inevitable. However, with it, it brings numerous challenges most of which are related to cybersecurity, and unfortunately, many such businesses still choose the simplest and improperly secured OT and IoT solutions during their digital transformation processes. In turn, this makes them extremely vulnerable.
To discuss the dangers and challenges of improper management and security of complex and critical IoT infrastructures, Cybernews reached out to Noam Arbel, the CTO at mPrest, a provider of AI and data-driven orchestration and optimization software for industrial IoT.
How has mPrest evolved since its launch in 2003 and where is your future heading?
mPrest began its journey as a company building the command and control software for the missile defense system for the State of Israel called the “Iron Dome.” In 2017, mPrest launched its non-defense company bringing the power of AI and IoT to the digital transformation of energy. We are facing one of the most disruptive times in the history of electric utilities. The industry movement towards DR and DER programs to support broad initiatives, such as decarbonization and transportation electrification, has presented an urgent need for integration between legacy and rapidly emerging technologies and requirements. With its DERMs platform, mPrest is empowering this transformation with its world-leading orchestration and optimization platform.
Can you introduce us to your mPrest platform? What issues does it help solve?
Leveraging its unparalleled experience and expertise in real-time mission-critical command and control software, mPrest has developed a world-leading distributed asset orchestration and optimization software to help increase the evolution of the smart grid. mPrest’s microservices-based, real-time orchestration and optimization platform brings the power of AI and IoT to help digitally transform various industries, from energy and smart cities, to oil & gas, connected cars, water, defense, and other industry 4.0 applications. mPrest’s applications suite, including Distributed Energy Resources Management Systems (DERMS) and Asset Health Management (AHM) offerings, is deployed on-premise or in the cloud in record time. The most forward-looking and efficient organizations worldwide, including some of the world’s largest energy companies, use our products. mPrest’s vendor-agnostic product suite interfaces with millions of sensors, devices, machines, assets, subsystems, IT, and OT applications, creating a system of systems that provides end-to-end visibility and control over complex and distributed operations.
What would you consider to be the most serious problems that industrial IoT & OT environments face nowadays?
The landscape of the electric grid is undergoing a major shift in the last few years. On the one hand, the advantage of distributed energy generation at the edge has dramatically changed the way the electric grid operates. PV, wind, and other small generation is changing both demands for power and local generation, as it requires a whole new set of tools from the utility team to manage those resources and continue to make the grid safe and highly available. On the other hand, the growing popularity of electric vehicles, and the addition of thousands of car chargers both at home and in public places will require sophisticated planning and operational tools to manage congestion on the network.
Security is also a pressing concern for the OT and IoT industry today, especially as these industries become more connected and digitized. The playing field for cyber hackers has increased tremendously since most OT companies still possess legacy and simple infrastructure while hackers have become more advanced in their cyber abilities. A lack of prioritization in sophisticated security technology has caused the OT industry to become the main target for major cyber schemes, such as the major cyberattack on the Colorado pipeline last year.
How did the recent global events affect the IoT landscape?
The recent events have had a number of effects on mPrest. There is now a high focus on cyber security and the understanding of the vulnerabilities in both the electric grid, and its interconnections, and in the global supply chain. More importantly, recent events have heightened the importance countries are putting on self-sustainability in the energy market, and the important role that distributed generation and renewable energy have in this regard.
Since the energy industry is one of the main fields of focus at mPrest, how do you think this sector is going to evolve in the next few years?
In 2021, there were many advancements within the renewable energy market that has led to a period of rapid growth, including increased deployment of existing and new classes of distributed energy resources (DERs). Fueled by increased incentive programs and legislation pushed by the Biden administration's goals to reach a 100% carbon-free power sector by 2035, the energy sector is primed to continue this adoption of DERs in 2022 and beyond. Alongside this rapid adoption of DERs, we will continue seeing an increase in the transition to smart energy systems, such as Distributed Energy Resource Management Systems (DERMS) in the years to come. These smart systems help existing grids achieve stability and flexibility, DER aggregation, and deferred capital costs, a few of many issues current energy grids and utilities are looking to address. Coordinating these assets will be an essential component of the energy transition in the next few years.
What are the most common issues that companies run into on their digital transformation journey?
Across energy systems, there is a lack of standardization in many aspects of digital advancements. Discrepancies in the rollout, scale, and details of new protocols across different markets and regions make it difficult for companies looking to introduce a more advanced system. Furthermore, utility companies also tend to wait to integrate a smart system (i.e. DERMS) into their existing infrastructure due to fear of disrupting service and concerns over having to learn a new system. In reality, waiting to integrate a management system stifles the abilities of DERs and will produce more troubles as grids continue their digital transformation. Distributed assets bring the most value when they are integrated within systems that account for customer and grid demand as well as diversified energy resources. Reacting to these shifts requires quick scalability and functionality, enabling new DERs in the system and managing them as they come online.
In your opinion, what types of attacks are we going to see more of in 2022?
As electrical grids become more modern and digitized, they will also become more accessible targets for cyberattacks. Cybercriminals can gain a number of gateways when they infiltrate a grid, including falsely illustrating power use to obtain large financial benefits or changing what a utility company sees as the grid performance to influence buy and sell decisions. These types of attacks will only continue in 2022 and beyond as more grid systems continue their digital transformation.
Additionally, we’re starting to see cybercriminals attack individual DER devices. It has been proven criminals are now able to disturb or disconnect someone’s service, spy on their business, understand their whereabouts, and even pinpoint the entry into one’s network. Unfortunately, this type of infiltration can happen both at an individual level and on a much larger scale. For example, if a cybercriminal were to gain access to a grid system that powers government buildings, they could easily compromise a country’s whole infrastructure by obtaining sensitive information found in those networks. These types of attacks are becoming more common and more sophisticated, causing most energy organizations to prioritize security measures to prepare for future threats.
What security tools should organizations and individuals have in place to combat these new threats?
To combat these ongoing cyber threats, we recommend utilities integrate large-scale, IoT-focused solutions that are adaptive to the network. Specifically, integrating those capable of anomaly detection and network awareness that utilize AI and machine learning. Companies should also continue the adoption of distributed energy resource management systems (DERMS), as they provide operators both scalability for change management and intelligent system visualization of front-of and behind-the-meter assets. And while the adoption of new technology is essential to combat these cyber threats, it is important energy companies also take the time to educate their teams on these new advanced systems to ensure all security protocols are met and in place.