I am excited to share that I have joined WePower as their Chief Information Security Officer (CISO). Over the past 12 years I have been heavily involved in the energy industry and cybersecurity.
Previously, I was the Director of Operations at the European Network for Cyber Security (ENCS) aiming to enhance the utilities’ security and privacy landscape. I have been closely involved in the European Commission’s work on privacy, data protection and cybersecurity within the Smart Grid environment.
Back in the day, I worked at one of the world’s leading Smart Meter manufacturers as a Solution Manager, where I was in charge of securing Smart Metering applications and making sure they were fully compliant with the latest EU standards.
I would now like to share some thoughts on what we are planning to do at WePower.
We live in the time where big security breaches are nothing uncommon. Just recently, Bloomberg reported a massive Chinese spying scandal involving Apple and Amazon. Both energy and finance are two critical infrastructures that could be threatened by cyber attack.
The finance sector, due to early adoption of digital commerce, has by now developed an in-depth cybersecurity culture. As the digital transformation of the power industry continues, the pace is likely to pick up when it comes to addressing cybersecurity issues within the energy sector and it will evolve to be on par with the finance industry.
The specific security challenges of the energy industry
We have already seen the consequences of cyber attacks on the energy sector — the most prominent being the widespread power outages that crippled Ukraine in late 2015.
The threat is real. Interconnected and automated systems controlling the energy grid can be attacked causing physical consequences in the real world. This creates a whole new dimension when we consider cybersecurity. Successful cyberattacks have the potential to cause regional or national outages as well as damage to stations and generators.
Cybersecurity for blockchain and Smart Contracts
WePower is creating smart contracts and storing information on blockchain which is very exciting, but there are also some specific security considerations when it comes to protecting the company and its investors against cyber attacks.
We know that lack of proper security attention has caused significant damage in this domain for other companies — most notably the “DAO hack”. Attacks of crypto-currency exchange platforms have caused significant losses.
A security-by-design approach
The best way to protect companies like WePower from cyber attack is a security-by-design approach and we will be examining every aspect of the business to ensure that cybersecurity is at the center of all processes and products.
My role will include facilitating an overall security program for WePower giving the following elements particular attention: the security of Smart Contracts; the security aspects of the WePower platform; and the overarching aspects of the organization itself.
We will be implementing all policy, control, monitoring and response mechanisms based on the identified risks and following industry best practices and standards.
At the end of the day, we can only build sustainable systems if they are secure and trustworthy. This relates particularly to the digital platforms and systems we plan on using to manage energy supply for our customers.
I look forward to making a difference with the WePower team and helping to achieve their vision of injecting more renewable energy into the Smart Grid!