Light Dark
January 23, 2015 By Domenico Raguseo 2 min read
CISO
Cloud Security
Energy & Utility

Security measures for energy production plants were formerly focused on the physical security of the plant, including considerations for the perimeter and reliable procedures. Years ago, cybersecurity was not considered so vital because energy production plants were based on SCADA systems that were closed off and ran on proprietary protocols. But are these systems still safe today?

The Stuxnet worm demonstrated in 2010 that even if a system is protected and cannot be accessed by external attackers, it can be hacked. This type of attachment at the programmable logic controller of the SCADA cannot likely be replicated for this peculiar case, though everyone remembers this event as a milestone. After 2010, the entire world was made aware that SCADA systems can be attacked and, thus, must be protected.

On the other hand, is it really true that SCADA systems are so closed that they cannot be accessed by external forces? The reality is that SCADA systems originally used proprietary interfaces that were not always very user-friendly. In order to improve the user experience, SCADA systems are now often interfaced with a standard user’s interface. Also, in order to reduce the costs of management, standard marketplace protocols are used. Therefore, SCADA systems may be closed, but they are based on elements that can be affected by cybercrime.

Grid introduction in the production of energy and the usage of digital metering systems for an intelligent utilization of the energy implies that the production plant cannot be included within a perimeter.

Industrial processes are now strongly based on IT. To create a problem for an enterprise focused on producing energy, it is not necessary to compromise the SCADA systems, but it could be enough to attack the customer relationship management system. In fact, how many days could an enterprise survive without receiving money from clients or without paying providers and employees?

Therefore, protecting an energy production plant is strongly connected to cybersecurity. There needs to be a holistic approach to protecting the enterprise. Rather than just focusing on protecting the infrastructure, data or application, all elements necessary to provide service should be protected.

 |  |  | 
Domenico Raguseo
Technical Sales and Solutions Leader in Europe, IBM Security

More from CISO
December 30, 2024

CISO vs. CEO: Making a case for cybersecurity investments

4 min read - Ask CISOs why they think there is a cyber skills shortage in their organization, what keeps them up at night or what the most important issue facing the industry is — at some point, even if not the first response, they will bring up budgets.For example, at RSA Conference 2024, a roundtable discussion about issues facing the cybersecurity industry, one CISO stated bluntly that budgets — or lack thereof — are the biggest problem. At a time when everything is…

December 13, 2024

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

December 11, 2024

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature