With the increased interest in cybersecurity and the recent news that utilities are being targeted around the world I’m making sure our readers have seen the latest white paper to come out of the Cisco ‘Brain-Trust’ on security in utilities and the energy industry.
As the white paper announces, “Utilities and energy organizations are part of the critical infrastructure of any nation, which makes them a high-profile target for cyber terrorists and hackers alike. Modernization brings gains in efficiency, but it also increases the attack surface through which threat agents can target utility infrastructure.”
It’s tough being a utility. Constant regulations, standards compliance, security and safety issues. Our security experts analyzed the IT security capabilities of the utilities sector in general, using specific data from the Cisco Capabilities Benchmark Study. They looked at the views of both chief information security officers (CISOs) and security operations (SecOps) managers and, different to other industries, seem closely aligned. What are the differences then, versus other industries? Here are some findings:
- 73% percent of IT security professionals at utilities say they’ve suffered a public security breach, compared with 55% in other industries.
- 56% percent of the IT security professionals in utilities say they use cloud-based web security, compared with 36% of the respondents in other industries.
- 64% percent of CISOs and SecOps managers in the utilities sector say they make use of mobile security tools, compared with 50% of security professionals in other industries.
One important note: The study focused primarily on IT security capabilities, not on the state of operational technology (OT) security. There is a growing trend of convergence between IT and OT, and I and others in Cisco have talked about the ramifications of that trend.
Click the image to download the whitepaper
Despite my earlier claim that the data supports a similarity of views between CISOs and SecOps managers, interestingly the opinions of CISOs and SecOps managers diverge somewhat when the conversation turns to IT security controls. For example, 67% of CISOs say that their organizations have adequate systems for verifying that security incidents have actually occurred, but only 46% of SecOps managers say they have such systems in place. Also, 73% of CISOs say they have well-documented processes for incident response and tracking, while just 54% of SecOps managers say they have such systems. That’s worrying to me.
The white paper has lots of charts and supporting documentation, and discusses the differences between the utility industry and other industries, especially the readiness of using tools and the availability of funds focused on security. One things for sure: utilities are frequently a target of cyber attacks because of their high public profile and the potentially damaging effects of a data breach or service disruption. That explains the figures in my first bullet above (73% versus 55%). This vulnerability further highlights the security challenges that utilities are facing. In many countries, utilities have to report breaches by law, a requirement that may have contributed to the high number of recorded breaches. Perhaps due to their tightly regulated environment, utilities are also slightly more likely than other industries to use internal security incident teams.
At any rate, utilities seem, in many cases, to learn the hard way. What do I mean? Well, publicly breached utility companies lean more heavily on tools such as network security, firewalls, and intrusion prevention systems (IPS), instead of distributed denial-of-service (DDoS) defenses or VPN security tools. For example:
- 76% of utilities that have dealt with a public breach say they use firewalls and IPS tools, but only 53% of utilities that have not dealt with a public breach use them.
- 64% of publicly breached utilities use vulnerability scanning tools, compared with 44% of non-publicly-breached utilities.
The figure above illustrates the point. Utilities’ Use of Various Security Threat Defenses (in %)
Interesting, eh? Also, public breaches appear to encourage utilities to more closely examine their security processes. For example: Read More »
Tags: cyber security, cybersecurity, Energy, Responding to Evolving Threats, utility, Utility and Energy Security, Utility and Energy Security: Responding to Evolving Threats
Guest blog by Philippe Couturaud, Cisco Business Development Manager, EMEAR Utilities:
This week you have the opportunity of meeting up with Cisco at the European Utility Week event in Austria. Cisco has become synonymous with providing advanced critical infrastructure for our utility customers enabling higher availability, greater reliability, and stronger security.
At stand A.k35 in the exhibition area (Hall ‘A’, Stand k35) you can come by our booth and learn how Cisco continues to expand our portfolio to better serve our customers. You can talk to our experts and experience our industry use case demonstrations showcasing new solutions for Cyber/Physical Security, Teleprotection, MPLS, and a lot more:
* Demonstrations at the booth will include “Unify Your Field Area Network Deployment”, “Effectively Manage Substation Operations“, “Teleprotection Over MPLS WAN“, along with “Fleet & Field Worker Solutions“.
- * Cisco will be part of the GRID4EU Hub presentation on Nov. 4th, 9.15 AM to 12.30 PM. The Demo leaders will present the results of the most promising approaches and solutions developed within their demos – session 34 in the Hub.
Come visit us and find out about smarter, safer, more highly secure power grids offering reliable, efficient service. See how you can monitor, log, and diagnose systems with Cisco’s substation security solution. Find out how you can unify your field area network deployment with Cisco. See how Cisco is making a difference in the industry!
We’re looking forward to seeing you there!
For more information check out www.cisco.com/go/utilities.
Read More »
Tags: european utility week, EUW, FAN, mpls, security, substation, teleprotection, utility
Distributed generation is getting increasing attention for impact on the electric utility industry. DG has been the subject of a number of high profile articles in Business Week, the Wall St. Journal and several online business and industry news sites. The Business Week article was particularly provocative, leading with the title, “Why the U.S. Power Grid’s Days Are Numbered“.
Residential DG, primarily solar, remains relatively sparse in the U.S. compared to Europe, especially Germany. Commercial/Industrial DG is getting greater penetration with large initiatives such as Walmart installing solar on the top of every store, and low-priced natural gas leading industrial customers to generate their own power. Although circumstances differ, the September 17, 2013, WSJ article, “In Post-Tsunami Japan, Homeowners Pull Away From Grid”, describes how Japanese homeowners could foreshadow even more disruption. While residential fuel cells are not presently economical, higher volume production and deployment in Japan could certainly change that. Low cost fuel cells could enable every customer with natural gas service to make the economic analysis about when or whether it’s worth turning to self generation. Read More »
Tags: DG, Distributed Generation, Energy, IoT, Marriot, renewable energy, solar, utility, wind
By Howard Baldwin, Contributing Columnist
For something with “micro” in its name, microgrids are becoming a pretty big deal. Microgrids are distributed, small-scale versions of the centralized conventional electricity grid systems.
According to an August 2013 report from research firm MarketsandMarkets, the total microgrid market is expected to grow at an estimated CAGR of 17% between 2012 and 2022, reaching a total installed capacity of 15.4 gigawatts by 2022 and a value of $27 billion.
Read More »
Tags: Connected Energy, distribution, internet, microgrid, power management, Smart Grid, utility
The UTC TELECOM conference wraped recently and the Connected Grid team has had a great time on-site! It’s been exciting for us to demo key components of our product portfolio and connect with many of our core audiences. Centered on the theme of “delivering your future,” the sold-out event served as a great platform for us to discuss Cisco’s efforts within the utility industry and the migration of the grid into a fully IP-enabled world. Read More »
Tags: Connected, connected grid, IoT, utility