Cyber Threats on the Rise: Invest Now to Boost Power Grid Defenses
Critical infrastructure security is in the national spotlight. In 2020, the power grid and energy sector was the third most targeted sector for cyber-attacks, up from ninth place in 2019, and the threats are growing more sophisticated. The Biden administration recently issued a national security memorandum that sets baseline cybersecurity goals and practices to protect the grid. The memorandum also encourages the deployment of advanced technology for threat visibility, detection, monitoring, and response.
Power and utility companies play a starring role in safeguarding the nation’s infrastructure. As organizations double down on compliance and technology, there are several things to consider amidst a rapidly evolving cybersecurity landscape.
Confidently and compliantly secure your assets
Maintaining compliance with NERC-CIP standards is only the first step, though a critical one, in boosting cybersecurity defenses. These mandates were put forth to institute a bare minimum for security. Keeping up with best practices for Transient Cyber Asset (TCA) management (NERC CIP TCA), vulnerability and patch management and assessments (NERC CIP-007/NERC CIP-010), and enterprise patch management (NIST SP 800-40 Rev. 3) is foundational to ongoing cyber protection.
In addition to choosing technology that makes it easier to adhere to these standards through continuous monitoring, quick patch management, and other capabilities, it’s important that the tools you’re using also maintain compliance with these standards themselves.
Make sure any software you’re using to manage your assets and their security exceeds NERC CIP-007-6 R2.2 for timely patch evaluations to ensure compatibility. Also ensure that the software has undergone an authenticity and integrity verification process according to NERC CIP-010-3 R1.6, so you know the system is from a legitimate source and hasn’t been modified.
Invest in transient cyber asset security and patch management
Remote field devices can present major security risks. Transient cyber assets (TCAs) such as tablets, asset testing laptops, and protective relays are often disconnected from the main network, making them a prime channel for spreading malware. Because TCAs come into contact with critical assets regularly, they’re a top security threat if not secured properly.
Speed is of the essence when it comes to cybersecurity. However, securing your assets shouldn’t hold productivity back. Look for systems that you can tailor to secure the work processes that need defenses the most and that streamline procedures from the field to the office. The key to success is patch management software that clearly shows the patch updates available to TCAs, lets you quickly select the updates you want, and automatically downloads those installers to the TCAs so they can be installed during remote updates. Patch management systems should also monitor, send alerts, and report on security risks, keeping you in a constant state of vigilance.
Stay prepared and proactive
Cyber threats are fast moving and unpredictable. Utilities need to be armed and ready with the right tools and processes. While advanced technology for threat identification and management is currently strongly encouraged by the Biden administration, it could soon become a requirement.
About the authors
Bryan Gwyn is the Senior Director of Solutions at Doble Engineering. He has over 10 years of executive experience in the transmission and distribution business and a demonstrated history of working in the utilities industry.
Sagar Singam is a Cyber Security Engineer III at Doble. He is passionate about secure coding, cyber security and products. He graduated from the A. G. Patil Institute of Technology and earned his master’s in Information Assurance and Cybersecurity from Regis University.
Dan Coombs is the DUCe Support Manager at Doble. He has over 13 years of experience in system engineering and holds a bachelor’s degree in Information Technology from Daniel Webster College.