Cisco Blogs
Share

Security in Utilities: an architectural approach for partners.


January 25, 2019 - 0 Comments

When we talk about Utilities, we usually refer mainly to the companies that supply electricity to business and residential consumers. However, there are several other types of Utilities including Water, Gas and Waste Management companies just to name a few. All of them face the same types of security threats, in the past few years there have been a number of incidents, for example public warning systems have been hacked and turned on in the middle of the night[1]. There have also been attacks on the systems that control gas pipelines shutting down the gas flow for several hours[2].

Many of these attacks have happened not because of the actual lack of IT security measures or precautions, but in my cases due to organizational failures, whereby security data has been released to a third-party contractor without taking the necessary data protection procedures to avoid these incidents from happening.

In order to prevent security incidents from happening companies have to evolve their security approach to a phased security architecture:

  • First Phase: modernize the connectivity of the transmission and distribution systems, including zone segmentation, controlled conduits and following standards such as ISA -95,99 / IEC 62443 / NERC /NIST.
  • Second Phase: providing visibility of the data that is going through the equipment and systems all the way to the control area. This requires Application Control and Threat Control.
  • Third Phase: convergence of security policies across all the different layers, including policy driven responses and deeper vision and control.

This phased security architectural approach can be used by partners across different types of Utilities. The most important thing to highlight is that partners should provide their customers with a consistent risk assessment followed by an architecture that addresses the potential gaps discovered through this assessment.

There are some use case themes that partners can discuss with their customers to address the different types of potential vulnerabilities their industrial infrastructure might have, including:

  • Secure Connectivity: what devices can connect to what control systems; what type of communications can happen between different systems.
  • Secure Remote Access: what are the access control measures, how can secure access be provided.
  • Threat Control: what devices are vulnerable; how can you protect any vulnerable assets.
  • Safe Environment: what type of protection is being provided in the networking infrastructure and what type of protection is being provided on the devices themselves.

In order to address the security requirements of all different types of Utilities we now have Cisco IoT Threat Defense which converges a security architecture and services to help industrial companies defend their IoT devices and keep their business running.

The main idea is to look at the individual environments that need some form of Cybersecurity, then mapping them to the products that Cisco partners can deliver by using the Cisco Validated Designs to define how to bring a particular solution forward.

There are four different areas that we focus on: Segmented Access Control for both IT and OT environments; Visibility and Analysis of potentially dangerous behavior to/from IoT devices; Secure Access into the OT network; and finally, Professional Security Services to assess the baseline risk, manage OT environments and perform incident response.

 

To learn more about Cisco’s Utility Solutions and Partner Ecosystem please visit our Digital Utilities site https://www.cisco.com/c/en/us/solutions/industries/energy/external-utilities-smart-grid.html and our Industry Transformation Partner Guide http://cs.co/customerin.

[1]https://www.forbes.com/sites/thomasbrewster/2017/04/10/dallas-emergency-alarms-hacked/#3cecdcc91f66

[2]https://www.nytimes.com/2018/04/04/business/energy-environment/pipeline-cyberattack.html



In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.