Why new EU rules represent a cybersecurity step change for the energy sector
Sponsored

Joeri Voets

CEO, SandGrain

New EU regulations require the energy sector to protect its assets with a higher level of cybersecurity in the face of increasing hacks and the threat from quantum technology.


Many organisations lack cybersecurity focus because “it’s not their core expertise,” explains Joeri Voets, CEO of cybersecurity company SandGrain. “It’s something they’re required to do, so they see it as a burden to postpone, rather than a benefit.”

This can even apply to entities in the energy sector which operate energy grids. “Grids are vulnerable to cyberattacks,” says Voets. “In fact, they’re attacked daily. To be more resilient, they need to have better protection mechanisms, growing more important daily in today’s geopolitical environment on one side and the push of a European Smart Grid on the other.” When quantum computers become available, they can also crack common asymmetric encryption methods and easily breach grid security.


‘Harvest now, decrypt later’ (HNDL) attacks pose a particular risk to energy infrastructure, where devices and data must remain secure for – years. In this regard, two key pieces of European Union legislation — the NIS Directive and the Cyber Resilience Act (CRA) — represent a cybersecurity step change for the energy sector.

Turning regulation into resilience with secure-by-design platforms

NIS expands obligations to energy entities, mandating robust risk management, – hour incident reporting, supply chain security and board-level accountability, while prompting a transition to post-quantum cryptography by the end of.

To complement this, the CRA requires security-by-design for digital products, including field devices, the electronics automating and controlling the grid, smart meters, field sensors and energy storage systems. “These regulations require organisations to have a higher level of cybersecurity,” says Voets. “That’s a heavy burden for most grid operators, because replacing their legacy assets — or retrofitting security into them — would be unmanageable.” SandGrain offers a simpler solution. It uses secure hardware identities with cloud management to authenticate every device, enable safe firmware updates and protect boot processes. Operators can retrofit the system onto existing equipment — even complex AI from Nvidia, Intel or AMD — in one or two days.

This allows them to achieve full NIS and CRA compliance without expensive replacements, while gaining strong protection against quantum threats for the entire –year lifespan of their grid devices. Because these platforms are built with symmetric authentication algorithms, they provide future-proof post-quantum resilience, can easily be added to existing electronics and can be made ‘securely connected’ whether through the cloud, on-prem systems or internal networks, thereby safeguarding the operational resilience of energy networks. “System breaches are huge, disruptive events which can cost a lot of money and massively impact,” says Voets. “Secure-by-design platforms are a relatively simple way to prevent these attacks and represent an opportunity to build more resilient infrastructure.”
