Cyber for Utilities

Contact us
cybersecurity

Sustainability is driving digitalisation

Creating the resilient and secure smart grids of the future


Utilities are under pressure to make better use of scarce resources which requires greater control of assets and their usage. 

With increased digitisation comes a greater potential for attack

The digital transformation of our critical infrastructure isn’t a nice-to-have, it's a must-have - especially if we’re to meet future energy demands, improve efficiency, and enable smart-grid capabilities that offer a new level of control and resource management. 

As these systems become increasingly digitalised and interconnected, they also come under increasing attack from hostile actors. And the threats are evolving at an alarming rate. According to the 2024 Thales Data Threat Report, 93% of CNI organisations saw a rise in cyberattacks over the last year, 42% of which suffered a data breach. 

cybersecurity

Some of the emerging threats we see are

  • Interconnected Systems: Smart grids and smart meters are connected to broader networks, making them more vulnerable to cyberattacks. Each connected device can become a potential entry point for hackers.

  • IoT Vulnerabilities: The proliferation of Internet of Things (IoT) devices in smart grids increases the attack surface, as many IoT devices may have weaker security controls.

  • Third-Party Risks or supply chain vulnerabilities: Utilities rely on various vendors and suppliers for hardware and software components of smart grid technologies, which can introduce vulnerabilities if those third parties have inadequate security practices.

Cyber-attacks can target both information technology (IT) and operational technology (OT) with both having far reaching consequences. When it comes to IT, the risks tend to be around data theft or loss of data, for example as a result of a customer data breach. With OT, we need to consider the risk to our critical infrastructure, from smart grids to power stations, water reservoirs and sewage systems, as well as smaller assets such as smart meters. In this case, a successful cyber-attack could result in a loss of critical services and even compromise health and safety.

cybersecurity

Cybersecurity Considerations for Utilities

cybersecurity

Grid Infrastructure Security

  • SCADA Systems: Protect Supervisory Control and Data Acquisition (SCADA) systems from unauthorized access and cyber intrusions, as these control critical operational functions.

  • Operational Technology (OT) Security: Ensure that OT systems are secured separately from IT networks to minimize risks.

cybersecurity

Enterprise security

  • Applications: Protect from bots and direct attack on applications and application 

  • APIsData: Protect customer data being stored, moved and processed.

  • Identity and Access Management: Ensure access to data and systems is to those who are entitled to access it. 

cybersecurity

Interconnectivity and Integration

  • Communication Protocols: Secure communication protocols (such as IEC 61850, DNP3) used in smart grid infrastructure to prevent eavesdropping and tampering.

  • Threat Modeling: Consider the potential risks introduced by integrating distributed energy resources (DERs) and electric vehicle (EV) charging systems into the grid.

cybersecurity

Our Cyber Utilities Services

We offer a range of products and services designed to secure both IT and OT environments

Enhanced Digital Security: The Powerful Alliance of MDR and SIEM to Protect Your Business from Cyberattacks

Thales Consulting Services

We work with organisations in the utilities sector to help them:

  • Understand the risks and threats they may be facing through Threat Intelligence and Digital Risk Protection Services so organisations are better prepared.

  • Understand how international and national regulations such as NIS2 impact utilities, and what needs to be done to be compliant Support their reliance into the supply chain through Third Party Management Services

  • Identify vulnerabilities in their OT and IT systems through extensive infrastructure audits and propose how to mitigate or address them

  • Identify where there are weaknesses in processes that could result in an organisation being vulnerable and how security processes should be updated

  • Good cybersecurity and cyber resilience is about how equipment, systems and people respond to a cyber-attack. We train utilities staff on good cyber security procedures and processes using either classroom training or around physical and virtual test benchesHow to introduce cybersecurity by design across the lifecycle of their infrastructure.

cybersecurity

Protect

We partner with utilities companies to build cyber-resilient systems through Zero Trust Architectures. This approach defends against internal and external attacks by securing connections between users, devices, data, and applications.

  • Identity: Implementing PKI, digital identity, and Multi-Factor Authentication ensures all entities are verified.

  • Devices: Securing devices, authenticating supply chain components, and tracking inventory.

  • Network: Offering encryptors to protect data integrity, provenance, and encryption in transit based on risk profiles.

  • Data: Providing encryption solutions for data at rest, on-premise, or in the Cloud.

  • Applications: Safeguarding against cyber-attacks with bot and application protection tools.

  • Testing: Delivering test benches to assess the cybersecurity and resilience of OT systems.

cybersecurity

Detect and Respond

With rising cyberattacks on utilities, continuous monitoring is critical. It's not about if defences are compromised but when—and responding quickly. We support organisations with:

  • Managed Detection and Response (MDR): Customised services leveraging market-leading technology, from building and transferring a Security Operations Centre (SOC) to providing a managed Sovereign SOC. With 11 SOCs worldwide, we enable OT and IT SOC convergence for enhanced cybersecurity.

  • Digital Forensics and Incident Response: Rapid analysis and response to incidents.

  • Attack Surface Management: Includes vulnerability management, penetration testing, and breach simulations.

  • Exercising: Using utilities’ OT test benches, we train staff to respond effectively to cyberattacks and strengthen procedures.

Quantum-cryptography-threat

Security Integration services

With a pool of cyber integration experts, and in partnership with more than 100 high-end vendors of cyber technologies, we can support your integration needs with specific expertise in solutions for energy providers.

  • Detection and response technologies: SIEM, SOAR, EDR, etc

  • Protection technologies : Network protection, IAM technologies, PAM technologies, etc

  • Threat intelligence technologies

cybersecurity

Why choose Thales for cybersecurity and resilience

cybersecurity

Safeguarding Utilities: Tailored Cybersecurity for Critical Infrastructure

Strong cybersecurity and resilience of utilities is critical to national security, economic prosperity and the safety and well-being of citizens. At Thales, we are one of the leading providers of cybersecurity support for utilities organisations and work with over 50 electricity, gas and water companies. 

Through our extensive experience, we’re uniquely placed to provide a comprehensive suite of cybersecurity services that address the challenges faced by the utilities sector. Our experts will work closely with you to design and implement cyber solutions that are tailored to your infrastructure, security requirements, and operational objectives.

cybersecurity

We are a Global Leader in Digital Trust

Our business is about protecting the infrastructure and systems of governments, defence organisations and Critical National Infrastructure. We work right across the utilities sector, from producers to distributors and suppliers, to secure critical infrastructure and systems, and make them more resilient.

cybersecurity

Understand Risks and Build Processes to Mitigate

Our experience in the utility segment can help you understand your risks and vulnerabilities from technology and human behaviour, and put in place plans to mitigate those risks through technology action plans and updated processes

Partage-risques-données-organisation

Build in Protection Using Cutting-edge Technologies

Our support can help you integrate the technology you need to secure your systems and infrastructure, and make them more resilient to attack from PKI infrastructure, to Multi-factor authentication to data encryption at rest and in transit

cybersecurity

Detect Attacks and Respond to Them

We can implement solutions and processes that enable you to quickly detect and respond to cyber-attacks.  We can also help you manage your attack surface to reduce the likelihood of attacks. We also offer a global incident response service to help you daily or in case of urgency, recovering from any cyber incident targeting your organisation.

cybersecurity

Ensure Systems and People Are Ready for Cyber Attack

Our physical test benches and virtual environments can help utilities organisations test infrastructure and systems against cyber-attacks, train staff on cyber secure processes and procedures, and finally exercise staff and procedures against realistic simulated attacks.