Cybersecurity

Creating More Resilient Energy Infrastructure through Cybersecurity Collaboration

Today, we find ourselves in the most challenging business environment of our lives. Multinational businesses thrive on certainty and predictability. But in the last several years, we’ve endured a barrage of disruptive and unpredictable events that have accelerated challenges and opportunities.

We’ve endured a once in a lifetime pandemic that has affected each of us in profound ways.  The ongoing recovery from the pandemic has been uneven throughout the world and disruptions to global supply chains continue to impact practically every business.

And on the heels of this two-year disruption, we now face what is unfolding in Ukraine with the war which will have significant impact on energy security and the cybersecurity of critical energy assets.

While our sector and the broader technology industry were already sensitive to growing cybersecurity vulnerabilities, we now find ourselves in a new era of energy security concerns and a greater need to bolster and protect the critical energy infrastructure of the customers we serve.

As we learned from President Biden on March 21, 2022, we can expect to see increased malicious cyber activity within U.S. and allied critical infrastructure.  I can say with certainty that we at Schneider Electric have seen such an increase and we remain vigilant in protecting our company and customers. 

On April 14, 2022, we issued a security bulletin, in collaboration with the U.S. Department of Energy, the Cybersecurity & Infrastructure Security Agency (CISA), and cybersecurity defense partner, Mandiant, detailing, INCONTROLLER, a novel industrial control system (ICS)-oriented attack framework, built to target machine automation devices in critical infrastructure environments.

Working with our Federal government and industry partners, we were able to analyze this malware framework and publish protective measures prior to the framework being exploited for destructive effect.  This is an instance of successful collaboration to deter threats against critical infrastructure before they occur, and further underscores how public-private partnerships are instrumental in countering threats.

Today, I’m announcing that we plan to build on this successful collaboration as an inaugural member of CISA’s ICS-focused Joint Cyber Defense Collaborative (JCDC).

As CISA Director, Jen Easterly announced at the S4x22 conference, the JCDC’s mission is to lead collaborative, public-private sector cyber defense planning, cybersecurity information fusion, and the purposeful dissemination of cyber defense guidance to reduce cyber risk to and increase the resilience of U.S. National Critical Functions.

We plan to be an active voice for the ICS community and U.S. critical infrastructure as we plan for and defend against more sophisticated cyber attacks.  As a community, we must continue to build cyber defenses in our systems and products while focusing on a more resilient future.

A future where critical infrastructure can withstand cyber attacks and remain functional in the face of disruption.  This is the direction we must take our planning efforts as part of the JCDC so that we can prepare ourselves for the next phase of this era.

For more information on Schneider Electric’s existing cybersecurity collaboration, please see below:

Our integrated solutions enable homes, commercial buildings, data centers, and critical infrastructure to operate more efficiently and securely.  Our products and systems are used in over one million buildings worldwide, including 40,000 water & wastewater treatment installations, 40% of the world’s hospitals, 10 of the world’s top electric utilities, and 10 of the world’s largest airports.  The cybersecurity of these products and systems is therefore of vital importance to us and our customers.  As such, Schneider Electric is an active participant in the cybersecurity community in the U.S. and abroad.  Below are selected examples of our engagement:

More on our cybersecurity posture and activities can be found at our Cybersecurity and Data Protection Posture page.


No Responses

Leave a Reply

  • (will not be published)