Innovating in cybersecurity to improve the resilience of energy infrastructure

Cyber attacks continue to proliferate, making the security of electrical networks a strategic priority. José Antonio Álvarez Cubero, International Business Development Manager at Axians, takes stock of these threats to energy infrastructure and the solutions to counteract them, in particular the “Secure Digital Network” demonstrator developed by Omexom and Axians.

What are the main cybersecurity problems that electricity networks might encounter?

José Antonio Álvarez Cubero: Modern electricity networks are the backbone of our infrastructure, but their growing complexity makes them increasingly vulnerable to cyber threats. The three main areas requiring vigilance are vulnerable operational technology (OT), IoT-induced disruption of remote-control systems, and vulnerabilities in the supply chain.

How is the number of cyber attacks and their impact on electricity networks changing?

J.A.A.C.: According to the IBM X-Force Threat Intelligence Index, 43% of incidents targeting the energy sector took place in Europe, followed by North America (22%), Latin America (14%), and the Middle-East-Africa and Asia-Pacific regions (11% each). According to the US Department of Energy (DOE), attacks and threats against the network doubled in the first quarter of 2023. A simulation carried out by Lloyds of London relating to a cyber attack on the Eastern Interconnection of the American power supply network showed 93 million people cut off from electricity, with economic costs potentially reaching US$243 billion.

Do you have any recent examples of massive cyber attacks?

J.A.A.C.: In May 2024, malicious hackers exploited vulnerabilities in a public electricity service’s systems, compromising the personal data of 850,000 customers. In November 2023, the largest cyber attack in Denmark, which affected 22 electricity companies, posed a potential threat to the country’s decentralised supply network.

What are the most innovative cybersecurity solutions currently available?

J.A.A.C.: The public energy services sector could considerably improve its resilience with innovative cybersecurity solutions. Automation, in particular, minimises response times and ensures an error-free initial analysis. In fact, artificial intelligence is further accelerating response times; it can also move more quickly to contain threats. Identity and access management (IAM) solutions, which are focused on detecting and responding to identity threats, ensure that only authorised users can access sensitive systems.

“The growing complexity of electricity networks makes them increasingly vulnerable to cyber threats”

But effective implementation goes beyond the technology. Public service customers need cybersecurity specialists who understand the unique features of their network architecture, including their budgetary constraints and operational maturity, and the skills required to roll out solutions.

Omexom and Axians have developed a “Secure Digital Network” demonstrator. How does it measure up as a response to these cybersecurity problems?

J.A.A.C.: This demonstrator was developed by SDEL Contrôle Commande, a business unit in the Omexom (VINCI Energies infrastructure brand) network specialising in monitoring and control systems, in collaboration with Axians (the VINCI Energies ICT brand). It serves as a hands-on shop window for the abilities Omexom and Axians bring to ensuring the cybersecurity and reliability of electrical substations. It is composed of two panels representing substations, with real apparatus connected to a remote-control centre for real-time monitoring.

The main areas of interest include interoperability between substations, SCADA (supervisory control and data acquisition) monitoring, electrical fault location, OT data management, and cybersecurity measures. The demonstrator incorporates advanced solutions such as MPLS (multiprotocol label switching) networking, firewalls, secure VPN (virtual private network) connections, and high-availability protocols.

How does collaboration between business units such as Axians and Omexom create added value?

J.A.A.C.: Axians are specialists in ICT solutions, while Omexom’s focus is on energy infrastructure. Together, they offer a comprehensive portfolio of solutions and services tailored to public energy services, meeting both their operational and their technology needs. Their combined abilities can help public services achieve their energy transition objectives by providing the ICT infrastructure they need to manage their entire value chain, from the production of energy to its consumption. With more than 1,200 local cybersecurity experts around the world, Axians and Omexom are able to effectively meet regional challenges while implementing best practice in every region.

What effects could “quantum-safe networks” have on cybersecurity?

J.A.A.C.: Rapid developments in quantum computing pose a serious threat to conventional cryptographic methods. As Dr Michele Mosca [a Canadian theoretical physicist specialising in quantum algorithms] has pointed out, there is a significant risk that public-key cryptography systems such as RSA and Diffie-Hellman could be broken by quantum computers as early as 2026, and with 50% probability by 2031. This underlines the urgency of implementing quantum-safe networks (QSNs) to protect sensitive data.

The imminent risk from quantum computing, often referred to as the “cryptopocalypse”, represents a critical threat to current cybersecurity infrastructure. The Cloud Security Alliance (CSA) has emphasised the urgency of this issue, launching a countdown to 14 April 2030, the date on which it estimates a quantum computer could compromise current cybersecurity systems. But QSNs offer a robust defence against quantum-era threats. The countdown to the quantum era may have begun, but Axians is committed to helping organisations build future-proof secure networks capable of withstanding quantum threats.

03/13/2025