Cyber security end-to-end testing
To combat the threat of cyber attacks on our energy grids, DNV has developed an end-to-end security testing service covering SCADA, smart grid and AMI (smart metering) systems that provides an overview of the current level of security in the system.
In the past, electricity grids were largely isolated systems. However today, making things ‘smarter’ also means grid elements are now connected to external systems, via wired or wireless communication nodes. Essentially, smarter grids mean more complex energy systems with every connected component becoming a potential access point, making the entire system increasingly vulnerable to cyber attacks.
Prepared for tomorrow
As a forward looking company, we understand the urgent need for effective cyber security that can guard against any attacks today, and in the future. This will help operators avoid the potential downtime and damage to their public image that a malicious attack could cause. Furthermore, with legislation on cyber security already in place in countries like the USA and currently being drafted in several European countries including Germany, Norway and the UK, being prepared can put you ahead in the market.
Addressing these growing concerns and needs, we have developed a complete, end-to-end cyber security testing service to help ensure your energy systems employ a high level of protection. This complete service consists of an analysis on system level, as well as in-depth component cyber health testing for the most critical components.
Comprehensive approach to testing
At DNV, we feel a responsibility to contribute towards safeguarding the future of the energy industry, as well as society at large. Therefore we provide the cyber security end-to-end system testing service to ensure there is good insight in the level of cyber security of the energy industry. The diagram below outlines our comprehensive approach to end-to-end cyber security system testing.
Are we secure enough?
Our service allows operators to assess cyber security levels within their grid systems, taking all relevant policies, procedures, standards and latest best practices into account. This is important, as security needs to be aligned with compliancy regulations, company policy, and defined in formal procedures to ensure security is maintained during operation. At the same time cyber security is a fast moving field, causing legislation and standards to quickly become outdated. Therefore the adherence to currently relevant best practices is important to ensure that the newest technologies and vulnerabilities are taken into account.
It offers objective cyber security validation for systems, end-to-end. Ultimately, it provides your system security staff with a detailed, unambiguous and traceable answer to the question ‘are we secure enough?’
In this context, ‘secure enough’ means we make sure that the appropriate security measures are taken in accordance with the types of potential threat, the possible incident scenarios and are aligned with the cost involved to implement security and the potential damage that could occur. This alignment is important to ensure that a balanced and efficient approach is taken to ensure that a system is secured against large and costly incidents, but is not unmaintainable or overly expensive due to the chosen solution.
A proven cyber security partner
DNV combines traditional IT security expertise with a deep understanding of the electricity transmission and distribution industry. Our team of local and international experts draws on extensive knowledge and experience in a number of relevant areas such as cyber security vulnerability assessments and information risk management as well as SCADA and AMI protocol testing. This ensures all testing, together with the suggested mitigation measures, are tailored to the specific needs of the energy industry as well as your own particular circumstances.