
A step away from VPN

For the last two decades, Virtual Private Networks (VPNs) have been known as the solution for ensuring privacy. However, varied digital ecosystems, cloud migration and workforce mobility have created a climate where traditional VPN systems do not always suffice. Here, I'd like to discuss why the energy industry is looking for alternatives.


VPNs on the grid

VPNs were introduced over two decades ago to enable safe remote access to the internet over a secure connection, providing remote connectivity for millions of users. Whilst this was a great fit 20 years ago, they cannot offer the scale of protection needed in today’s complex environment of 5G and Internet of Things (IoT) technologies.

For the energy sector, this complexity is exacerbated even further as modern grids incorporate a huge array of assets — from ageing substations to hyper-modern renewable generation sites.

VPNs are used to extend network connectivity between users and Industrial Control Systems (ICS). In an energy grid environment, many operators deploy VPNs to gain remote access to these systems, with the objective of reducing downtime and enabling constant asset monitoring.

Safety, security and data breaches

The impact of security breaches on the energy grid can be colossal. As such, grid operators cannot afford to hold onto solutions that do not provide adequate security — and while they are widely used, VPNs represent a target for cyber-attacks. Allowing remote access to ICS increases the risk to the grid, meaning if hackers can get into the system, they can potentially access the energy supply of entire nations.

Back in 2015, Ukraine experienced a series of cyberattacks on three energy companies, sabotaging the grid’s power distribution equipment. Hackers reconfigured the power supply, gained access to user control and wrote malicious firmware to take out control systems so that no alternative power could be provided. This was a first-of-its-kind attack and sent a clear message to power grid users that security and safety should be a top priority.

As well as the security risks, VPN servers also suffer scalability issues. VPNs are typically limited in the number of VPN ‘tunnels’ they support. When an industrial network grows, more devices connect to the network, with an increasing number of engineers supporting business operations. This leads to an increase in the number of VPN connections required and, unfortunately, once this number exceeds the VPN’s capabilities, engineers need to install a new VPN server and go through another time-consuming configuration process.

A change in the right direction

A new way forward is essential to improve security and provide grid operators with scalable, superior network access control. As an alternative, some energy organisations are considering MQTT.

MQTT stands for Message Queueing Telemetry Transport, but it is widely referred to as the IoT protocol. The system allows users to publish and receive messages and is specifically designed for devices with low bandwidth, like IoT devices.

MQTT provides a simpler method of data transfer than a traditional VPN. Imagine there is a broker collecting data on one side of the system, and another broker at the other. To exchange data, the two brokers simply shake hands and use a software platform to configure the communication. COPA-DATA’s zenon IIoT Services offer a cloud-based and scalable alternative method of enabling the ‘handshake’ — and therefore allow for the data exchange — without the use of a VPN.

What’s more, because COPA-DATA is certified with IEC 62351, the current standard for security in energy management systems and the exchange of energy-related data, the network using MQTT is better protected against cyber threats.

zenon uses applications on the company’s network without having to connect them to individual production cells.

As energy grids continue to evolve, we need to debunk the myth that VPNs cannot be rivalled. As new energy grid technology is creating a rapidly changing environment, the industry must match the same speed of development in relation to cyber-security.