GE Vernova & AWS Partnership Brings Secure Cloud Computing To The Grid

Matt Yourek

Director of Product Cyber Security & Compliance

Grid Software, GE Vernova

Matt Yourek is the Director of Product Cyber Security and Compliance for Grid Software, GE Vernova, a position he has held for the past four years of his 15-year GE career.

Matt's role includes product management for the cyber security functionality of the Digital Energy solution, Open Source DevOps, and secure product delivery; supporting marketing, sales, contracts, and commercial operations on all things related to customer-facing cyber security aspects of our business; product vulnerability and incident response; ISO27001 governance; customer supply-chain risk assessments of our business; and collaborating with industry.

Sep 20, 2024

Over the past several years, the energy industry has experienced a major shift towards digital. From infrastructure to workflows and even predictability reporting using AI, grid modernization is here—and it’s moving to the cloud.

The benefits of the cloud, such as efficiency and cost reductions, are many, but operators still have questions around reliability and security. They want to make sure that there is no adverse effect on reliability and that the massive amount of data being transmitted isn’t compromised.

Our team at GE Vernova understands these concerns. It’s a major reason why we created GridOS®, the first grid software portfolio designed specifically for grid orchestration. So when it came to selecting a partner that could provide security and reliability in the cloud, the natural choice was Amazon Web Services (AWS).

We sat down with Matt Yourek, Director of Cybersecurity & Compliance, GE Vernova Grid Software, and Kristine Martz, Power & Utilities Security & Compliance Lead, AWS, to discuss the addition of AWS to the GridOS partner ecosystem. Here’s their take on securing the grid as it moves to the cloud.

Zero Trust Security Meets The Grid

A major part of grid cloud security is adopting a Zero Trust grid security model. As Matt Yourek puts it: “Zero Trust security really removes all the implicit trust and says, for example, ‘Kristine has an account but maybe her password was compromised. How do we know that it’s actually her anymore?’ Well, if we inject Zero Trust security methods into that, we’d give her a token or some other two-factor authentication and require her to do that.”

In short, the Zero Trust grid security model requires all users, both inside and outside of a network, to be continuously authenticated to limit cybersecurity threats.

But Zero Trust grid security principles are not just for users. They also apply to systems, which, as Yourek explains, is essential to consider when applying them to the grid. “Historically, some of the [grid] servers are highly available in the same network…but there are processes now where that can be exploited and attackers can use that against our system to actually impact the grid.”

Unfortunately, this has already happened. In December of 2015, Russian hackers compromised Western Ukraine’s energy grid and left over 200,000 residents in the dark for over 6 hours. It happened a second time barely a year later, in 2016.

As Yourek sees it, “[These] two attacks in the Ukraine in 2015 and 2016 used some of those principles of trust, and once they were in the system [the hackers] were able to cause outages.”

Shared Responsibility: A Key Component of Grid Cloud Security

But Zero Trust grid security principles are only successful when accompanied by a concept Kristine and her team at AWS refer to as “shared responsibility.”

“Shared responsibility is not a new concept,” she said. “You have different teams that support the maintenance, security, and the implementation of all of your different technology solutions. That’s shared responsibility.”

The key difference between shared responsibility across your organization versus on the cloud? Entrusting those same principles to people outside of your organization.

“When you think about the cloud, you have to trust other organizations with some of those controls or some of those items that you would normally be performing yourself,” Kristine explains.

Kristine and her team specialize in setting organizations up for success with shared-responsibility security principles on the cloud through the use of training tools and certified reliability compliance frameworks. AWS has compliance certifications for over 90 programs including FedRAMP and NERC CIP, so operators have the knowledge needed to apply specific cloud security principles and regulations to their practice.

Staying Compliant With New Operations Technology Regulations

Speaking of regulations, expect to see more of them with the rapidly evolving cloud applications for the grid. “The technology exists and then the standards and guidelines evolve and then regulations tend to follow,” Kristine explains. She predicts new regulations will come soon, and is confident AWS is fully equipped to help operators comply with them.

“[Executive order] 14028 came out and it actually explicitly mentions OT systems being included…and they talk about federal systems being moved to Zero Trust security architecture,” Matt elaborates. “Those of us in the utilities industry know that they often start with the federal systems and then they’ll move to the critical infrastructure area because those are supporting Federal buildings [and] modern way of life.”

Regulations are on the horizon for OT systems, and any utility company not working towards compliance today will be left scrambling to catch up.

Get Zero Trust Security Ready With GridOS

“We have people that can answer what Zero Trust [grid security] means for GridOS,” Matt says. “For us, a lot of it is working with our customers and partners hand in hand.”

In summary, Matt emphasized that operators must consider how Zero Trust grid security principles fit into their entire infrastructure, beyond software applications. “I’ll finish off with [the fact] that it’s not just about software or networks—it’s about all of it,” Matt concludes.

For a deeper dive into Zero Trust grid security principles and how they can benefit utilities, check out our whitepaper on the subject.
