100 Years of Doble: Securing the Power Grid When It Matters Most
As the world continues to progress toward a remote and mobile workforce, businesses and society are even more dependent on the power grid. And although the shift to a remote workforce brings many benefits, it also creates more opportunities for hackers to exploit weak points in critical infrastructure, since electric utility workforces are shifting to remote work as well.
In fact, a recent survey revealed nearly all IT professionals agree remote workers are not secure—leaving many of us in a catch-22 situation. Although work-from-home policies are essential to preserving employee health and safety—compromising cyber health isn’t an option, especially for those responsible for keeping the lights on. The silver lining, however, is the three-month delay of several new NERC CIP cybersecurity standards due to the pandemic has provided a great opportunity for power and utility companies to bolster their cybersecurity and compliance programs in light of the shift to remote work.
In order to mitigate the risks posed by remote access to critical substation assets, it is important to secure the endpoints such as the field laptops that are used to work with them and to ensure that security patches to the endpoints and the substation devices are applied in a timely fashion. The field devices – asset testing laptops, tablets and protective relays — are primary targets for attacks since they are harder to monitor and update with security patches.
To help the industry’s frontline defenders to address threats more quickly and effectively, Doble has created several offerings that focus on field and substation asset security.
Doble PatchAssureTM is designed for easier and timely discovery and application of security updates for all fleet devices, and enables sophisticated configuration management. We know ensuring compliance to standards such as NERC CIP and reporting to regulatory agencies can be challenging. Consistent releases of security and application software and extensive evidence collection for audits within PatchAssure make staying current with mandates and managing the disclosure process much easier.
Our Transient Cyber Asset (TCA) program offers a holistic and customizable approach to securing transient devices, such as testing laptops and tablets which are vectors for spreading malware across critical infrastructure, and implementing NERC CIP-compliant testing programs. Field personnel can drive productivity and gain time to focus on maintenance and testing tasks by prioritizing work processes that need to be secured, and tailoring security controls to best fit their unique needs.
Asset security has never been a simple process for the power and utility space. Today's cybersecurity challenges, however, also give us an opportunity to catapult the industry forward in its holistic defense strategy. Organizational security is a collective mandate and needs to be woven into organizational culture and reinforced during high-risk times. Proactively collaborate with your procurement, IT and security teams to assess, evaluate, and enforce security practices both internally and with partners. Despite virtual offices changing team dynamics, everyone must be vigilant and be on the same page when it comes to cybersecurity.
- Further Reading: