Cybersecurity in the Energy & Utilities Industry

How does the Energy & Utilities Industry Tackle Cybersecurity

The interconnected world brings people together, but it also poses risks. Cybercriminals can exploit the same technologies that unite us to sow disorder. Nowadays, cybersecurity needs to be on every business priority agenda.

It's unfortunate that utilities and energy firms are still tackling this 21st-century challenge with 20th-century approaches that were designed for a static, centralized, monolithic grid architecture. It is impossible to simply digitally or physically block off the grid in today's dynamic and decentralized grids, which require interaction with a wide range of equipment manufacturers.

Utilities, of course, have a duty to prevent breaches from occurring, but they also require an approach that constantly monitors assets and network communications to identify suspicious or potentially malicious activity. Manufacturers, for their part, must provide more robust cybersecurity capabilities while also ensuring interoperability in cybersecurity operations.

As the electrical grid expands in size and importance, it is important that a worldwide agreement be reached on how to best sustain and preserve it. To better safeguard the world's electrical grid, consider these three options.

The reality of cybersecurity attacks on the Energy & Utilities industry

The new industrial revolution is changing the way energy and utilities companies operate. In parallel, the number of sophisticated cyberattacks against utilities and the energy business is increasing and the threat to operational technologies (OT) has undoubtedly grown. In fact, according to a recent survey by Deloitte found that the US energy industry is one of the top three most frequently attacked by cybercriminals.

As successful attacks on electricity infrastructure are becoming more severe, the aftermath results in forcing crucial product systems, particularly safety systems, to go down. The importance of energy and utility cybersecurity is all too frequently undervalued. However, a number of isolated occurrences in the last several months have brought this issue to the forefront.

For example, one of these occurrences were put on display in May 2019 when a ransomware assault crippled Baltimore city computers for weeks and cost the city an estimated $18.2 million in damages, much in excess of the required ransom. A hacker attempted to poison the whole supply of water in Oldsmar, Florida, in August 2021. Hackers in the San Francisco Bay region attempted to poison a water treatment plant in January 2021, putting millions of people at risk. Hackers attempted to steal public water supplies in rural Kansas by gaining access to the system through unauthorized and malicious means.

The red flags are there for cybersecurity in energy and utilities companies. Very much so that Siemens and the Ponemon Institute conducted a study titled "Caught in the Crosshairs: Are Utilities Keeping Up with the Industrial Cyber Threat?" of 1,726 utility personnel worldwide who are responsible for securing or supervising cyber risk in Operational Technology (OT) settings for enterprises in gas, solar, wind, and water utilities. 25% of respondents said they have been impacted by mega-attacks involving skills established by nation-state actors.

The same study also revealed gaps in cybersecurity preparedness and capabilities in the energy and utilities sector, with some of the biggest threat vectors found in grid-connected assets, operational technology, gaps in digitization, and control technologies.

What are the biggest cybersecurity risks for Energy & Utilities?

An official warning about the growing threat to water supply and wastewater treatment facility IT and OT systems was issued by a consortium of federal agencies. Spear-phishing, ransomware, out-of-date operating systems and software, unsafe remote work methods, and susceptible firmware versions were among the dangers detailed in their alert.

Let’s explore the most prominent cybersecurity risks and threats for the energy and utilities industry.

Ransomware and incident response

Those in the energy industry are more vulnerable to ransomware assaults from criminals or nation-state threat actors since they supply essential services. On top of that, attacks of this nature can have significant consequences for the industry, and the subsequent remediation is often more costly. An energy supplier or bulk-power-system failure might have disastrous implications for the local populace, not to mention severe reputational and regulatory risks for the energy provider.

IT/OT latency and inefficiencies

It is common for cyberattacks on power and utility firms to disrupt operations, resulting in severe financial losses. When network inefficiency or cybersecurity events cause latency in IT and OT systems, productivity is slowed, as well as company continuity. In December 2015, an attack on Ukraine's power infrastructure demonstrated the dangers that citizens and service providers face from OT threats.

Other IT/OT risks lie in operational inefficiencies exacerbated by a lack of interaction between security elements and architectural fragmentation. Many security workflows must be handled manually, which slows down processes and increases the risk of human error. It is not just that architectural silos delay detection, prevention and response to threats, but they also increase operating expenditure (OpEx) expenses by creating redundant administration of applications and even software and hardware licensing.

Industrial control systems

Hackers are increasingly attacking industrial control systems in an unpleasant but growing trend, which might lead to physical grid damage. Attackers used to target utilities' IT systems in order to steal data or launch ransomware for financial gain, but this is no longer the case. Reports have surfaced of hackers linked to the nation-state and organized crime trying to into utility ICS systems, in an effort to study how the systems operate and position themselves to potentially disrupt or destroy important physical assets such as power plants and substations. An attack on an industrial control system (ICS) is blurring the limits between cyber and physical attacks.

Identity and access management

Organizations in the energy sector face hefty fines if access governance mistakes or delays are discovered during audits, which makes managing credentials and access all the more critical for them. However, it might be difficult to comply with requirements if ineffective communication is caused by fragmented HR and IT systems and problems in integration.

With Zero Trust in mind, energy firms need to implement rigorous identity and access management (IAM) procedures to ensure the security of both traditional networks and cloud-based systems. Through the integration of people, process, and technology, IAM makes it possible for the appropriate people to have access to the right resources at the right time for the right purposes.

System integration

Typical threats to an energy company include IT and OT architectures, legacy and current technologies, and diverse systems acquired through mergers or acquisitions that struggle with interoperability. Integrating the necessary tools into control networks while ensuring compliance with open standards and APIs is a challenge that demands unique solutions with open standards and APIs. For this reason, a risk management strategy that incorporates network segmentation, intrusion detection, as well as endpoint detection and response, is required due to the fact that some infrastructure cannot be patched or hardened.

Supply chain risks

Supply chain risk management is becoming increasingly important for the sector as a result of issues like COVID-19, rising costs, unstable availability, geopolitical trends, on-shoring pressures, emerging legal regulations, increased cyber interconnection, and environmental and sociopolitical drivers around supplier choices. When it comes to replacing or building vital infrastructure, it's not only expensive; there's also the possibility of cyber manipulation or substantial downtime.

Compliance requirements

Compliance with North American Electric Reliability Corporation (NERC) and the Federal Energy Regulatory Commission (FERC), in particular, demand the active participation of all relevant stakeholders, the definition of clear roles and duties, as well as on-going education and training programs. Because of the subtle disparities between security best practices and regulatory requirements, utilities frequently encounter difficulties when attempting to integrate cybersecurity with compliance documentation and evidence requirements.

Physical security

For the first time ever, researchers were able to traverse the entire network of a wind turbine farm within minutes, with access privileges that would have allowed them to cause anywhere from $10,000 to $30,000 in revenue losses per hour or even destroy the turbines entirely if they had been able to do so.

If physical machinery and processes at power and utility facilities malfunction, they can injure people. In today's security scenario, cyber thieves can interrupt the functioning of critical infrastructure, posing a safety risk to workers on-site and even residents in the surrounding area. In addition, electricity and utility systems might be harmful for consumers if the generation, transmission, and distribution processes are disrupted.

The repercussions of any of these events would be dire for the company, from lawsuits to the closure of its activities by regulators. For energy and utility teams, physical safety systems and cybersecurity must be alert in order to prevent physical harm and cyber breaches from occurring.

How AI EdgeLabs Can Strengthen Cybersecurity in Energy & Utilities

It’s imperative for energy and utilities organizations to enhance cyber-defenses by increasing awareness of all system components and their functioning, as well as by training or employing skilled staff. Other aspects include compensating for systemic complexity through improved collaboration between IT and OT, as well as being informed of new technological and cybersecurity advancements. These techniques will help improve detection and response capabilities, including proactive contingency planning and recovery prioritizing.

Cyber risks in energy and utilities can be hard to address, but companies can start by partnering with threat intelligence software suppliers like AI EdgeLabs. The AI EdgeLabs platform provides early threat detection, advanced network visibility, and remediation protocols to fight back any threat or attack on the fly.