Future-proof Network control technology: Challenges. Opportunities. Cyber resilience

What grid & system operators, energy suppliers and service providers need to know NOW!

Summary from the symposium for grid control technology on 25 & 26 March 2025 in Hamburg.

Initial situation: Energy supply in transition
– Energy transition & decentralisation: Increasing complexity
– Digitalisation and the introduction of new systems (e.g. smart grids) increase the demands on grid control systems.

– Obligation to connect to control centres & coordination with DSOs/TSOs
– Implementation of regulatory & legal requirements: Section 14a EnWG, NIS2, KRITIS, Redispatch 2.0, grid connection rules,

– At the same time: shortage of skilled workers & budget pressure
Declining availability of qualified employees makes long-term planning and the operation of grid control centres more difficult.
Lack of economic incentives in the current regulatory framework jeopardises investments.

Challenges in the energy sector
– Complex IT/OT systems
The integration of IoT devices increases the attack surface and requires comprehensive security strategies to minimise potential vulnerabilities.

– Integration of renewable and decentralised energies/generators (PV, storage, e-mobility)
The switch to renewable energies requires new technologies and infrastructures.

– Growing cyber threat
The energy sector is increasingly digitalised and networked, making it more vulnerable to cyber attacks.

– Incompatible system landscape
Many energy companies are still using outdated systems that are not designed for today’s cyber threats. This increases the risk of security gaps and successful attacks.

Opportunities & solutions
– Standardisation & harmonisation: Uniform grid management & systems
Introduction of uniform grid management guidelines enables efficient, secure and interoperable operating processes.

– Cooperation & centralisation: Joint control centres & procurement

– Digital operating processes: Automated grid management, intelligent local network stations & real-time data, cloud, artificial intelligence
Innovations can help to increase efficiency and develop new business models.

Cybersecurity: The Achilles heel
– Increasing attacks & vectors
Attacks on OT (Operational Technology) infrastructures, such as Stuxnet, BlackEnergy or Colonial Pipeline, demonstrate the vulnerability of critical infrastructures.

– Common weaknesses: old VPNs, unsegmented networks, lack of configuration/hardening, lack of updates, insecure control boxes, phishing, deepfakes, untrained personnel

– Lack of attack detection: SOC (Security Operation Centre), IDS/IPS (Indrusion Detection/Prevention Systems)

Cybersecurity measures
1. security in the complete system development/life cycle
2. network architecture
3. role concepts & rights management
4. pentesting & vulnerability scans
5. real-time monitoring
6. update, patch & change management
7. ISMS + BCM