In this Help Net Security interview, Sonia Kumar, Senior Director Cyber Security at Analog Devices, discusses how securing decentralized smart grids demands a shift in defensive strategy. Millions of distributed devices are reshaping the attack surface, and she explains why utilities must rethink threats, resilience, and trust.
Kumar explains that next-generation architectures need to build in security from edge devices through to cloud systems to keep up with emerging risks.
With increasing grid decentralization from rooftop solar to EV charging networks, how does the attack surface change, and what new threat vectors are utilities underestimating?
We are moving away from having a small number of centralised grid facilities. We now look around and see a grid that is a huge interconnected web of millions of devices like solar inverters, EV chargers, smart meters, and sensors. This has changed the attack surface significantly since each device represents a potential entry point for attackers.
Decentralisation makes the grid greener and more efficient but makes things much harder for a cyber defender. Threat vectors that utilities can underestimate include: Compromising firmware in chargers or inverters to alter functionality, spread malware and potentially move into broader energy networks. In 2024 at an automotive focused hacking competition, researchers exploited firmware vulnerabilities in multiple EV chargers achieving arbitrary code execution via Bluetooth.
The supply chain is always vulnerable and components sourced globally may introduce hidden vulnerabilities if compromised before deployment. We read in reporting all the time that nation-state actors are deliberately targeting hardware and firmware during supply chain operation.
Many grid systems rely on cloud platforms for orchestration. Weak authentication or insecure APIs can enable command injection or data theft and we have to consider data integrity attacks. Manipulated sensor data can lead to incorrect operational decisions, outages, or equipment damage. Its not just all about software patches now. Hardware-based trust and secure by design architectures is vital.
We’ve seen advanced nation-state activity targeting critical infrastructure. How prepared are smart grids to withstand a coordinated, multi-stage cyberattack?
It is difficult to know how prepared smart grids are to withstand a coordinated multi staged cyberattack, and I wouldn’t like to guess. We can however look back to the attack against the Ukrainian power grid in 2016 to learn some valuable lessons. That nation state sponsored cyber-attack caused a power grid to go down for about six hours and left over a million people without power.
Nation-state actors typically employ persistent, layered tactics such as reconnaissance, supply chain compromise, lateral movement, and data manipulation. I would hope that utilities are testing incident response processes for cyberattacks on the smart grid. Doing this is essential because of the unique characteristics and risks already mentioned.
I have been involved in a number of severe cyber-attacks against critical national infrastructure which have escalated into situations that posed significant harm to individuals. People sometimes forget that damage to CNI and subsequent cut-off to essential services could cause harm to individuals. The smart grid powers essential services such as hospitals, transportation and water systems.
Conducting tabletop exercises and cyber simulations and testing different scenarios will help smart grids to withstand complex intrusions. That will increase their preparedness and ability to respond.
Utilities are integrating AI for demand forecasting and fault detection. How do you secure AI systems themselves from model poisoning or data integrity attacks?
To avoid any confusion for the readers, I think it’s important to distinguish between AI security which is what we are talking about here compared to AI for cybersecurity. AI security focuses on the protection of AI systems themselves and AI for cyber means using AI as a tool to defend against cyber threats. At the heart of AI security is the CIA triangle and so we want to protect the Confidentiality, Integrity and Availability of data.
Utilities also need to think about accountability. Encrypting sensitive data to help prevent unauthorised access to AI training datasets and verifying data sources should be standard practice. Regularly sanitising data to remove any malicious or unwanted elements can help mitigate AI security risks.
Protecting AI models from attacks is as important as protecting data. Regularly test AI models to identify potential vulnerabilities. Prevent attackers from being able to reverse engineer an AI model to extract sensitive data by using something called differential privacy which is essentially controlled noise. Train AI models on algorithms that simulate attacks to help them more quickly identify attacks.
Implement strong access control mechanisms to make sure only authorised individuals can interact with or modify AI systems. For rigorous accountability, continuous monitoring and auditing of AI systems is essential.
Incident response in OT environments can’t rely on “disconnect and patch.” How can utilities build faster, safer recovery protocols that won’t cause cascading outages?
Patch implementation and management is definitely more complex in OT than in IT, as they involve balancing cybersecurity needs with operational safety, regulatory compliance, and system uptime.
Installing patches without structured management or without a plan could destabilise critical infrastructure and result in the negative effects I already mentioned. For me, patching in OT is non-negotiable, it reduces cyber risk. Before we even think about recovery protocol, utilities need to implement a risk-based approach for patching efforts.
Threat modeling and real-world exploitability alongside the criticality of an asset could reduce the risk and urgency for patching. In terms of building faster and safer recovery protocols, I would first suggest making sure the fundamentals are in place. I already talked about enhancing incident response (IR) preparedness and so having OT specific IR playbooks/process and testing those regularly through tabletops and simulations is essential.
Keeping offline immutable backups might seem obvious, but that needs to be done for systems specific to industrial processes like SCADA, PLC and HMI. Something I have seen in my past career is the restoration of backups can be overlooked, whereby there are no protocols for restoration and testing. Just like in IT, recovery can be safer by implementing network segmentation and isolation zones to contain threats without shutting down entire grids.
Controlled remote access for secure recovery is a must. MFA, session recording and time bound access should be the norm.
I worked for a global telco in 2022 leading the Global Cyber Incident Management team. That year saw a cyberattack result in a network outage in Portugal. The impact was loss of some voice and data services, some TV services and enterprise and business applications across the country, as well as international connections. If it was not for the session recording, it is very unlikely, we would have been able to determine the root cause and the attacker’s actions as quickly as we did.
If you could redesign one layer of the grid with cybersecurity baked in from day one, which would it be, and what would it look like?
That’s a very difficult question as redesigning each layer of the grid would bring benefits. But I am going to go for the distribution layer because of the impact on public safety.
I have always worked in roles that serve to protect the safety and security of people. A compromise at this layer can cause local outages, voltage instability, and maybe even damage to consumer equipment. There is a direct connection to devices in homes and businesses.
In March this year I was due to take a flight from London Heathrow Airport on the day it closed due to a fire at a nearby electrical substation. I remember the chaos that incident caused all over the world.
The distribution layer is critical not only to transportation but to emergency services, hospitals and water systems. This layer has the largest attack surface and so redesigning it could reduce that significantly. I would want devices like smart meters and EV chargers to have tamper-resistant hardware and encrypted communications to prevent intrusions.
Modern devices have this already but older ones and 3rd party devices no doubt lack these controls. It has got to be the norm that every device and every user is continuously proving identity through a zero trust approach. Absolutely nothing or no one is trusted by default. Detecting and isolating attacks at the edge would be the norm with a particular focus on systems that are near homes and businesses. And lastly in my redesign, all devices would be able to receive secure software patches remotely and not just the newer devices.