As infrastructures for energy and utility companies undergo digital transformation, they are increasingly vulnerable to cybercriminals. Convergence-enabled cyberattacks—where criminals exploit traditionally isolated operational technology (OT) devices through their new connections to the IT network—may be motivated by the desire to hijack and demand ransom for services, steal trade secrets through industrial or national cyberespionage, or commit cyberterrorism or engage in cyberwarfare.
In September 2018, the U.S. Congressional Research Service reported on the cyber threat to the energy and utility sector, identifying specific vulnerabilities. Risks include vulnerabilities in Industrial Control System (ICS) networks, malware, the IoT, supply chain risk and human risks, such as falling for phishing attacks. Several strategies can address these risks:
Start with zero trust. Investigate and qualify every device and user to determine what resources they have access to, what privileges they enjoy and what harm they could cause if their access was compromised.
Implement segmentation. Zero-trust architectures start by assuming that a user, device, or process has already been compromised. Zero-trust policies start with device, user and application segmentation to limit the impact of a breach.
Deploy security for ICS/SCADA. Identify and deploy security tools with specific ICS/SCADA-aware functionality, support common ICS/SCADA protocols and provide additional vulnerability protection for major ICS manufacturers. In addition, deploy industrial-grade, compliance-ready (IEC61850 EMI, Thermal and Vibration standards) security tools designed for the harshest environmental conditions.
Execute business analytics. Achieving visibility through earned trust and control via segmentation are solid first steps. The next step of detecting and neutralizing any malicious or unknown event requires threat analysis at speed. This starts with a proactive posture that enables detection, quarantine and detonation, combined with real-time cyber intelligence reporting and advanced behavioral analytics, to find and defuse an attack before it can impact live operations. Your operations must be able to outmaneuver any cyber adversary via a continuous trust assessment that employs at-speed analytics.
New vulnerabilities will emerge. The rapid expansion of the attack surface due to IT/OT convergence has attracted cyber adversaries to the energy and utilities sector. Complicating matters further, OT environments are especially difficult to defend against cyberattacks due to the vulnerability and fragility of systems in place, and the common use of implicit trust models.
These trusted systems can extend from upstream (exploration) to midstream (transportation and storage) to downstream (refining and distribution) OT infrastructures. The risks to utility networks range from regulated power generation to transmission to retail electricity distribution.
Clearly, a new OT security strategy is needed. Zero trust, segmentation, purpose-built solutions and a clear understanding of the scope of the challenge are the building blocks your organization needs to proactively outmaneuver cybersecurity adversaries and to ultimately sustain a proactive defense for highly valued OT system assets.
About the author: Rick Peters has three decades of cybersecurity experience working across foreign, domestic, and commercial industry sectors at the National Security Agency (NSA). Fortinet, Sunnyvale, Calif., delivers integration security solutions for global enterprise, mid-size, and small businesses.