By Grant Asplund, Cyber Security Evangelist, Check Point Software
The energy industry is vulnerable. Utility groups maintain an expansive attack surface, as by nature, the infrastructure is geographically distributed. The average top-tier utility plant maintains a footprint of more than 94,000 miles. This creates security visibility challenges that provide cover for cyber adversaries.
But cyber criminals aren’t just interested in energy companies due to the ease at which they can slip past scrutiny. Cyber criminals are also aware of the level of economic value that this sector drives. In the absence of energy, a nation could see widespread economic disruption.
Emerging grid security concerns
Grid security vulnerabilities first came to light as early as 2010. Subsequent technological developments have since increased the vulnerability of energy infrastructure and related control systems. Against the backdrop of broad-based technological innovation, cyber security largely received short shrift.
Fast-forward ten years. In 2020, a US government alert stated that utility groups could see “attacks with temporary disruptive effects against [them]” as retaliatory measures for geopolitical developments. Since then, energy infrastructure concerns have only intensified.
This week, on Wednesday April 13th, the US warned energy organizations of a rapidly advancing hacking threat. This threat includes a malware tool that can give hackers complete access to (and presumably control over) infrastructure systems.
Getting a grip on grid security
The challenges associated with improving energy sector and grid security are not insurmountable. A framework that includes a comprehensive security architecture, strong communication, enhanced processes and other technical upgrades can measurably lower risk levels. Improvements in the following areas may be of particular benefit:
1. Strategic threat intelligence gathering. Energy groups need to move away from a reactive mentality and towards a proactive, forward-looking threat mitigation approach. In so doing, groups may wish to adopt real-time threat intelligence solutions that are enriched with AI-based engines and that draw data from hundreds of millions of sensors.
Advanced, predictive intelligence engines can provide insights into the newest attack vectors and the latest hacking techniques. A security architecture with integrated AI can help organizations contend with “known unknowns,” including emergent ransomware tools and coordinated multi-phase attacks.
2. A comprehensive security strategy. Siloed security activities can leave any organization vulnerable to threats. Cyber security decision makers need to ensure alignment around the development of a comprehensive security strategy. In this vein, organizations may wish to provide all security teams with visibility into (if not authority over) all IT/OT networks and architecture, which will allow for improved detection of trends in the event of a coordinated cyber strike.
3. A security-first culture. Energy sector organizations must implement programs that can close operational gaps when it comes to communication and awareness. Safety culture goes from the top down and everyone needs to receive clear and consistent messages describing cyber security as a shared responsibility. Everyone should know about social engineering, cyber threats, and processes and procedures around cyber security incidents.
4. Whole-of-industry approach. Industry working groups, and inter-agency partnerships have helped organizations cross-leverage resources and technical knowledge. They’ve helped organizations manage to scale security. But studies show that organizations continue to struggle with cross-organizational collaboration.
Despite the extra logistics involved in collaboration, cyber security outcomes prove its value. Cross-organizational collaboration can reduce the number of duplicative efforts and improve prevention and defense results.
Closing thoughts
Energy sector entities urgently need to ramp up the application of cyber security best practices and need to increase investments in security solutions in order to protect themselves, their clients, and the environment at-large from the digital and physical fallout associated with intensive cyber attacks. If your organization needs assistance, you can always reach out to trusted cyber security professionals at Check Point Software.
For more information about energy infrastructure and grid security, see CyberTalk.org’s past coverage. Lastly, to receive cutting-edge cyber security news, insights, best practices and analyses in your inbox each week, sign up for the CyberTalk.org newsletter.
