German energy suppliers have been declared as operators of critical infrastructures since the summer of 2015. According to the IT-Security Law they must send data via a secure connection.

The law came into effect on 25th July 2015 and needs to be followed by operators of power grids, gas networks, power plants and by direct marketers. In the water sector operators, such as drinking water extraction plants and water networks are effected by the IT-Security-Law. Since the law came into effect all of these companies are held to fulfill minimum safety standards and are obliged to report violations. 

Security – yes please!

Plants of critical infrastructures are popular targets for hackers due to their crucial function and are considered especially worthwhile to protect. The simulated attack on the energy supplier “Stadtwerke Ettlingen” in 2014 surely had an impact on bringing the IT Security Law onto the road by the following year. The hacker Felix Lindner and his team showed quite impressively how easy it is to take charge of the control and navigational functions of the Switchboard – They only needed two days to achieve that. Therefore, it is a high priority for energy suppliers to avoid safety gaps.  

Bureaucracy – no thank you!

To ensure a high standard of security is one thing. Another thing energy suppliers should strive to achieve is to reduce bureaucratic structures. Solutions which compromise this such as sending sensitive information via post instead of email are time-consuming and inconvenient - not only for employees but also and more importantly for customers, too. They could even cause energy suppliers a competitive disadvantage. Customers are getting more and more sensitive when it comes to their data. They want to be able to communicate quickly and safely. Making them print forms and send them via post is neither customer-friendly nor up to date – yet still common practice among energy suppliers.

Secure data transfer with the right software solution

Cryptshare makes data transfer simple and secure. For instance the energy supplier „Stadtwerke Wolfenbüttel“ uses Cryptshare to exchange data with auditors and to send and receive large files. The software runs on the company‘s own server. This energy supplier and their external communication partners use the Cryptshare server via a web interface. Compared with email this installation has not only the advantage of transmitting large files and email data encrypted but it also protects the company against spam, social engineering and ransomware-attacks. (More on this issue in our article on: How to protect yourself from ransomware attacks.)

Cryptshare is also available integrated into the most used email systems where the administrator can define settings to ensure outgoing emails of employees are sent according to the policies of the company and according to legal requirements. The employees need not worry, if they send the contract secured or unsecured, the policy defines certain criteria such as keywords, senders or recipients pairs that this email must be sent encrypted. This way your data reaches its destination securely – for certain.

A Challenge that can be solved by any energy supplier

Energy suppliers carry a high social responsibility, today and even more so in the future. Therefore, they need to make sure that their processes for safely exchanging data are thorough. Above all, they must protect themselves from malicious external attacks and unwanted access, and then they need to make communication between themselves and their customers as easy as possible in order to remain competitive. Cryptshare helps them take care of this responsibility.