In our highly connected world, risk of cyber-attack, is an increasing threat. The subject has made it to the world stage this week in a number of ways.
Germany’s long running magazine, Der Spiegel, says secret documents show America has been spying on the German Chancellor, Angela Merkel, for more than a decade. The National Security Agency (NSA) is accused of bugging the mobile phone of the German leader since 2002. The news sparked the US ambassador to be summoned this week for the first time in living memory.
Australia is mulling over maintaining a ban on China’s Huawei’s equipment for its National Broadband Network. While Huawei is a private company, security agencies believe it is subject to influence by the Chinese government. One fear is the company’s equipment, sold to big companies such as SingTel Optus and governments including the British, uses proprietary firmware that represents a security risk compared to similar products from US or European suppliers.
More conventionally, there is a concern that critical infrastructure will be subject to disablement. This was the subject of the Bruce Willis film – the title of this essay – Live Free or Die Hard. Bruce’s character, John McClane, is attempting to stop cyber terrorists who hack into government and commercial computers across the United States with the goal to start a “fire-sale” of financial assets.
Cyber security threats against Utilities have grown dramatically, making it a top priority for Utility Executives in 2013. A report by America’s Homeland Security found that disgruntled current and former utility-sector employees have successfully used their insider knowledge to damage facilities and disrupt site operations, and outsiders have attempted to solicit utility-sector employees to obtain specific information about utility infrastructure site operations and facilities that could be useful in conducting physical and cyber-attacks.
Pike Research, which is now owned by Navigant, predicted in 2011 that global utility cyber security spending would exceed €10 billion euros through 2018, with about 63 percent of that spending aimed at the industrial control systems and SCADA networks used to control today’s grid assets.
Industry research firm Zpryme’s report finds that Global Spending on Security from now till 2020 will reach €12.5 billion, with distribution automation assets as the core focus. About €3 billion or 17% will come from the Asia Pacific region, especially China, Korea, and Japan and by 2020; Asia will have 35% of the world market.
One of the problems of securing utilities from cyber-attack is a siloed approach to technology. In many utilities, a gulf has grown between the information technology and the operational technology camps, often inflamed by political rivalries. Even in the engineering world there is a rift between field engineering and technocrats.
SAP has been working with cyber security software partner, AlertEnterprise, to help customer manage against the threat of cyber-attack. AlertEnterprise delivers Security Convergence solutions for corporate and critical infrastructure protection. It enables rules-based correlation of complex threats across the domains of IT Security, Physical Security and Industrial Control Systems. This allows for contextual understanding of security events and timely, informed action. It also consolidates Identity and Access Management functions for true prevention of theft, fraud, sabotage and acts of terrorism.
In the area of predictive risk analytics, AlertEnterprise on Hana can process huge volumes of data to produce accurate predictions fast.
SAP and AlertEnterprise are together working in some of the top utilities in the USA, like Duke Energy, Florida Power and Light and CPS Energy.