Security experts agree: Cyberattacks are the new reality for utility companies.
On Jan. 10th, 2018, a major power outage hits the Consumer Electronics Show (CES), Las Vegas. For nearly two hours, participants were reminded that without electricity, the digital economy would not survive very well. In 2016, 3.85 trillion kilowatthours (kWh) [EIA] was consumed in the U.S., enabling consumers, transportations, commercial and industrials business to perform their daily activities. No doubt that over the world, national and regional power grids are critical infrastructures requiring adequate protections such as the North-American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) plan.
On Dec. 23, 2015, a major cyberattack on the Ukrainian Kyivoblenergo, the country’s regional electricity distribution company, left 10 substations disconnected for more than three hours. A foreign attacker had remotely controlled the SCADA distribution management system grid, which knocked out power distribution to more than 225,000 people across the region. Why the power went down wasn’t immediately known. However, shortly after the incident, Ukrainian government officials — as well as private companies and the U.S. government–performed analysis and determined the outages were caused by a cyberattack, and that Russian security services were responsible for the incidents.
According to many cybersecurity experts and as published in IIoT World, these attacks are on the rise and becoming more sophisticated. It’s not about if, but when they occur.
What does that mean for utilities? It means that preparing for cyberattacks must become the new normal for utilities. Physical Security and cybersecurity of the critical assets must be integrated in smart grid design, products selection and deployment, increasing the readiness for attacks protection and mitigation. Regular staffs training on security, disaster recovery plan definition and audits must be high priority on Senior leaders objectives. Building an end-to-end, complete grid security solution is imperative.
Here are four things to know:
- It’s not a matter of if your security perimeters get compromised, but when.
- Attacks are going to get more frequent and sophisticated.
- Products, tools, best practices and more are available to help companies protect their infrastructures and mitigate the threats.
- Cisco has made significant investments and has a lot of momentum in the security space.
At Cisco, our mantra is that every device on the network is a security asset. For a Utility company, that means from production to transmission (in or out the substation), to distribution (down to the meters and distribution assets), all operations issue from the control center, operations center and the data center to and from the grid are covered.
Outsmart the security threat
We’re seeing an evolutionary shift from aging legacy systems, process control systems protocols and unconnected devices. With legacy protocols, nobody could detect or know about threats. Now, these systems are being retrofitted and architectures are developing to make these newly connected devices more secure within the distribution grid.
We now have a level of visibility into the network that we didn’t have with the legacy systems. We can detect an anomaly, determine if it’s normal or abnormal behavior and then provide intelligence about what is going on.
Here’s an example of the power of our security system. Imagine that there is an analyzer on a transformer pole in the middle of Idaho. Using profiling and analytics, we are able to monitor the traffic and detect any anomalies. We will know if it’s going to an unusual destination (another country, for example) or if it’s not being sent via DMP or Modbus.
If anything unusual is detected—if, for example, someone modifies our device or software on purpose or by accident, Cisco can detect the change, reconfigure it and change it back, reject it from the network or reset to the factory standards.
When we design a network for security, it’s a mix of best practice, product, and design. We can protect what we know, but at the same time, you have to mitigate what you don’t know. Mitigating the effects of the attack through product design is just as important.
Recognized Leader in IoT Security
Cisco, as a leader in IoT security, can quickly react via well-defined processes to deliver effective, efficient security fixes for its customers. We are well-positioned to observe the challenges of industrial networks as deployed by its customers. An article in Forbes last year called out Cisco for its work in IoT network security, encryption and security analytics.
Let us know the problems your organization is facing. Feel free to share your thoughts in the comments below.