Skip to main content
close search
site logo
Dive Brief

NYPA, Siemens partner on new cybersecurity center as COVID-19-driven changes increase threats

Published July 30, 2020
Robert Walton's headshot
Senior Reporter
NYPA

Dive Brief:

  • The New York Power Authority (NYPA) and Siemens Energy on Wednesday announced plans for an industrial cybersecurity "Center of Excellence" that will initially defend the public utility's operational technology (OT) assets and could ultimately assist other power providers in securing the grid.
  • There is a growing threat to utility OT, including to the industrial control systems (ICS) which increasingly manage the electric grid, and utilities are often confused about what issues to tackle first, according to Leo Simonovich, head of industrial cybersecurity at Siemens Energy. "We're looking to create the blueprint for the next generation of security for substations, power plants, solar and wind turbines," he told Utility Dive.
  • The U.S. intelligence community last week issued a warning to critical infrastructure providers regarding threats to OT and ICS. And the comment deadline on a White House executive order to secure the bulk power system has been extended until Aug. 7, after a coalition of utility groups asked for more time.

Dive Insight:

Cyberattacks pose an increasing threat to the electric grid, as more ICS is internet-connected and hackers launch increasingly-sophisticated attacks. 

NYPA has been installing new sensors and monitoring equipment across its grid in a bid to become the first fully-digital utility, and says its Advanced Grid Laboratory for Energy (AGILe) will now work with Siemens to identify security gaps and establish demonstration pilots to address them.

OT assets in use today "are particularly vulnerable to cyberattacks as much of the energy industry’s critical infrastructure was engineered before the widespread digitization of industrial control systems," NYPA said in a statement.

The new security center will focus on digitization, and NYPA may be uniquely qualified to host the endeavor — it has been rolling out thousands of sensors across its transmission and distribution assets as part of its AGILe efforts. Those efforts will eventually benefit the wider utility sector, said NYPA Vice President and Chief Information Security Officer Kenneth Carnes.

"The threats continue to change," Carnes told Utility Dive, "and there are a lot of public and private utilities that may not have the workforce to support the work larger entities do. We are looking to build models, to truly enable them."

NYPA's AGILe project was initially aimed at finding new ways to leverage upstate wind and hydroelectric generation, but the COVID-19 pandemic has accelerated interest in using the growing number of digital sensors to also combat cyberthreats.

COVID has "accelerated the push towards connectivity of the existing brownfield environment and infrastructure," said Simonovich, "As workers move to remote, many are connecting to field assets and in the process crossing lots of boundaries that in the pre-COVID world would have served as gates and security checks. ... it has morphed the attack surface, made it more decentralized and harder to secure."

COVID has "put a spotlight on the need to do more monitoring and gain more visibility," Simonovich said.

Conversations about the cybersecurity partnership began before the pandemic, said Carnes, but accelerated as it became clear the virus could have long-term impacts and leave utility workers accessing systems and ICS from more remote locations.

"Being able to provide those same capabilities and functions in a more remote location, could be critical for long-term viability," Carnes said. "We want to leverage this time when there are a lot of individuals and entities in need of information."

DOE extends comment deadline on grid security order 

NYPA's announcement comes as the federal government has shown an increasing interest in grid security. 

The National Security Agency joined the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency on a July 23 cybersecurity alert to operators of critical infrastructure, outlining "immediate actions" that should be taken during a "time of heightened tensions" to avoid being compromised by a cyberattack.

And in May, President Donald Trump signed an executive order halting the installation of bulk-power system equipment "designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary."

Comments on the executive order are due Aug. 24. The U.S. Department of Energy extended the deadline after a coalition of utility groups warned it needed more time to respond fully, particularly to address cost issues.

"Economic and other analysis identified in several comment categories may need to be undertaken to ensure a comprehensive response to the notice and it is unlikely that such analyses can be completed by the current August 7 deadline," eight groups said in comments filed earlier this month.

The groups, including Edison Electric Institute, American Public Power Association, National Rural Electric Cooperative Association, American Petroleum Institute and Electric Power Supply Association, had asked for an extension until Sept. 7.

Editors' picks

Company Announcements

View all | Post a press release
Survey: Utilities Boost Renewables, Reliability Other Goals with Connected Field Assets
From Sitetracker
November 25, 2024
Oncor System Resiliency Plan Approved by PUCT
From Oncor
November 14, 2024
Heat Pump Assisted Water Heater Technology Could Make Big Lift
From Energy Solutions
November 07, 2024
Chartwell Electric Vehicle Benchmark Survey in the Field for North American Utilities
From Chartwell Inc.
November 19, 2024
Editors' picks
Latest in Transmission & Distribution
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell