As the traditional electric power grid evolves into a connected smart grid consisting of millions of interconnected devices and entities, the potential for malicious hacking increases exponentially. As vulnerability increases, so does the criticality of advanced cyber security measures. Here are five recent articles about cyber security solutions in the energy industry you should be reading.
The Cybersecurity 202: Here Are the 55 Things the US Government Most Needs to Protect Against Cyberattacks by Joseph Marks
The Department of Homeland Security has released a new list focusing on critical functions that need to be protected against cyberattacks, instead of overly broad industrial categories. The department will use this new list and conversations with industry leaders to identify the gaps and overlays between industries and identify the most critical of critical functions.
“DHS’s previous system for categorizing digital threats focused on 16 critical infrastructure sectors but didn’t deal with the complex web of interdependence between them. And it didn’t distinguish between truly vital systems, like those that deliver electricity, versus less vital ones, such as that electric utility’s public-facing website.”
World Economic Forum: The Growing Cyber-Risk to Our Electricity Grids – and What to Do About It by Karime Kuri Tiscareno
Smart grids increase resiliency, make systems more efficient and have the potential to deliver more value to society than any other individual digital initiative, but as the grid becomes smarter, it also becomes more at-risk for cybercrime. Energy and utilities are the second most impacted industry in terms of cost. This article explores steps to reduce the risk of falling prey to cybercrime.
“But as electricity grids increasingly become smart – and interdependent – the impact of a cyberattack also becomes more severe and wide-reaching. The World Economic Forum’s Global Risk Report 2019 suggests that large-scale cyberattacks rank fifth among the risks most likely to occur in the next 10 years. The cost of a cyberattack on the US smart power grid is estimated to be $1 trillion – roughly eight times the cost of cleaning up the Fukushima nuclear disaster.”
Dark Reading: Security Depends on Careful Design by Susanto Irwan
As the Internet of Things proliferates, so do cyberattacks – 40 percent of US businesses experienced a ransomware attack last year, and the energy industry experienced 20 percent of the overall attacks. Air-gapping is becoming less tenable as isolated systems are connected, so energy utilities must be on high alert for potential attacks. This article looks at cyber security solutions using layered security and universal, role-based access.
“But in industrial operations, which are physically disparate and varied in connectivity, we must move beyond one centralized security center to a decentralized model. By deploying smaller, focused devices, we can extend beyond network-level security to protect millions of previously exposed devices and control systems at the operational edge.”
Although hackers – seemingly Russian – managed to disrupt power in Ukraine, at present, they have mostly performed surveillance on American systems, perhaps with an eye toward weaponization in the case of a future conflict. While it’s important to protect the grid, energy utilities should also invest in cybersecurity for IT systems.
“‘It really is very easy,’ said Morales, ‘for an attacker to get into an energy utility network, use the tools that are already there – such as Outlook web access – and then be able to hide within the signal of things that are already happening. The behaviors they use aren’t really special, they’re just using what’s already there. In one instance, attackers used a Fortinet VPN client to do command and control – which is not something usually monitored by security systems. When they get onto a network, they use things like PowerShell to remain invisible. I wouldn’t say they use advanced tools, although I would say they are advanced attackers.’”
In partnership with Taekion, the Department of Energy is exploring how blockchain and decentralization can eliminate single points of failure and protect power plants from having operational information altered. The department will be investing several million dollars into blockchain research pertaining to cybersecurity.
“In an example of how a cyberattack could take place on a power plant, the lab said a system could be compromised so that it appears operational when it has actually been shut down by hackers, potentially ‘leaving millions without power.’”
The IoT and smart grid pose exciting possibilities for the future of energy as long as time, manpower and money are invested to ensure their security with up-to-date cyber security solutions.