A Refresh on Cybersecurity: How Utilities Can Act Now
Critical infrastructure cybersecurity is firmly in the national spotlight. The recent Colonial pipeline hack marked the largest ever attack on an American energy system and the impacts of the SolarWinds breach still linger. In the wake of these attacks, the White House ordered a new plan to upscale infrastructure and protect the power grid from sophisticated cyber-attacks and foreign adversaries.
As the electricity sector faces increased pressure to address security vulnerabilities, many power and utility organizations are actively refreshing strategies and implementing innovative solutions to bolster the grid. Here are several practices to consider when building out cybersecurity programs.
What we know about Biden’s new order
Led by the Department of Energy in partnership with the Cybersecurity and Infrastructure Security (CISA), the order is aimed at advancing technologies to further protect the grid. It’s also intended to gather information from the electricity sector, including suppliers, utilities, academia, research laboratories, and more, on future supply chain security concerns to get out ahead of potential larger issues. The department is seeking industry input around how to develop a long-term strategy for technical assistance needs, supply chain risk management, procurement best practices, risk mitigation and more.
This type of coordinated effort can help the power industry create a comprehensive roadmap to achieving more effective cybersecurity. The end result could include new industry mandates, incentives for additional voluntary action, continuous improvement plans, novel solutions to improve resilience, and a renewed focus on educating the workforce around security best practices.
Doubling Down on Compliance and Technology
With this upgraded standard of cybersecurity measures likely still a way out, what can utilities do to armor themselves against attacks in the meantime?
First, double down on known protective measures. Staying compliant with NERC-CIP standards is critical for ongoing security, as is actively monitoring and evaluating assets for vulnerabilities. Follow guidelines for effective vulnerability and patch management (NERC CIP-007), vulnerability assessments (NERC CIP-010), and enterprise patch management technologies (NIST SP 800-40 Rev. 3). Implement continuous control monitoring (CCM) to regularly track and identify potential loopholes in security measures that can arise due to unexpected changes to firmware or software and recover the system as quickly as possible. Confirming contingency plans and training staff on effective practices also create a solid and buildable foundation for cybersecurity success.
Utilizing technology solutions, such as patch management software, that continuously monitor and warn of security risks in real time are also vital to staying vigilant. Transient devices, which are often disconnected from the main network, are top concerns as they can act as vectors to spreading malware. Implementing a comprehensive and holistic plan like Doble’s Transient Cyber Asset (TCA) program can help utilities address this issue and simultaneously meet NERC CIP standards without obstructing work processes or hindering team efficiency. Doble’s program is based on a deep understanding of utility field work and includes configurable security controls that enable utilities to tailor their security approach to their specific needs.
Building a culture of proactivity and vigilance
Compliance is only the minimum requirement for cybersecurity. With attacks becoming more frequent and sophisticated, organizations are increasingly adopting a zero-trust strategy and architecture. The motto: Never trust, always verify.
The model, in which power and utility companies operate under the assumption hackers are already inside their networks and no device, user, or application connecting to the network is secure, inherently drives a more secure environment. The approach fosters vigilance and leads utilities to take proactive mitigation measures, such as security patch tracking , DNS authentication for email phishing, and penetration testing for operational systems. The latter, which is essentially an authorized cyberattack, is critical for assessing the strength of defensive measures.
In a world where both internal and external devices pose considerable security threats, a zero-trust strategy is wise, and goes an incredibly long way in strengthening the grid.
While the Biden administration’s order is an unprecedented and welcome step to securing our critical infrastructure, cyber-attacks aren’t slowing down. With intelligently designed utility security programs and a culture of vigilance, together as an industry we can minimize hackers’ effectiveness and chances of success.
- 100 Years of Doble: Meeting the Industry’s Protection Needs Today and Tomorrow
- 100 Years of Doble: Supporting Utilities in the Cyber Age
- Organizational Culture is Your Best Cyber Defense