The Future of OT Security: How Doble’s PatchAssure and TCA Program Are Leading the Way
As the utilities industry becomes increasingly reliant on automation technology, it is essential to ensure that operational technology (OT) systems are secured against cyber threats. In the current 2023 cybersecurity landscape, utilities face a growing number of sophisticated cyberattacks that can disrupt operations, cause financial losses, and even pose a risk to public safety [1].
The Colonial Pipeline, a major fuel transporter from Texas to the eastern US, experienced a ransomware attack by the group DarkSide in March 2021 [2]. The attack resulted in the encryption of the company’s data and a ransom demand. This disruption in fuel supplies caused panic buying at gas stations in affected areas. The resolution of the attack, in which Colonial Pipeline paid the ransom, underscored the significant impact cyberattacks can have on critical infrastructure like the utilities industry.
To address these threats, utilities must comply with the North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection (CIP) standards [3]. These standards, which are mandatory for all utilities regulated by NERC, outline specific requirements for protecting OT systems and data that are critical to the reliable operation of the bulk power system. One aspect of NERC CIP compliance is the implementation of robust cybersecurity measures to prevent unauthorized access to OT systems. This includes measures such as network segmentation, access controls, and incident response plans. Utilities must also regularly assess and test their OT security controls to ensure that they are effective. One standard within the NERC CIP framework is CIP-010-4 [4], which outlines requirements for protecting critical cyber assets. These assets are defined as “information and communication technology systems, equipment, and data, the loss, compromise, or misuse of which would have a serious adverse effect on the reliable operation of the bulk power system.”
Doble offers solutions such as PatchAssure™ [5] and the Transient Cyber Asset (TCA) Program [6] to assist utilities in addressing these threats and in ensuring compliance with the NERC CIP regulations.
Doble PatchAssure is a comprehensive patch management solution that can help utilities meet the requirements of NERC CIP-007-6 R2: Security Patch Management.
Some of the key features of Doble PatchAssure include:
1. Automated patch management: Doble PatchAssure automates the process of identifying, downloading, and installing patches and updates for bulk electric system (BES) Cyber Assets, which can save the time and resources that would otherwise be spent on manual patching.
2. Compliance reporting: Doble PatchAssure provides detailed compliance reports that can help utilities track their progress towards meeting the requirements of NERC CIP-007-6 R2 and demonstrate compliance to regulators.
3. Verifying the authenticity of patches and updates: Doble PatchAssure includes tools for verifying the authenticity of software patches and updates, using methods such as digital signatures, hash checks, or other cryptographic techniques. These tools can be used to ensure that only authentic, unmodified patches and updates are installed on BES Cyber Assets.
4. Preventing the installation of unapproved patches and updates: Doble PatchAssure includes processes for reviewing and approving software patches and updates before they are installed, as well as technical controls such as firewalls or access controls to prevent unauthorized software from being installed or executed. These controls can be used to prevent the installation of unapproved patches and updates on BES Cyber Assets.
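The two controls above, checking that a patch is the vendor's unmodified release and refusing to install anything that has not passed the approval process, can be reduced to a small gate that runs before any installation step. The following Python is an added illustration written for this page, not Doble's code and not a description of how PatchAssure is implemented. It assumes a vendor-published SHA-256 manifest (here constructed inline from sample byte strings) and a hypothetical change-approval register keyed by patch file name; real digital-signature verification of the manifest itself is left to a vendor public key and is not shown.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample patch contents standing in for real vendor releases.
SAMPLE_PATCHES = {
    "relay-fw-2.3.1.bin": b"constructed relay firmware image v2.3.1",
    "hmi-hotfix-17.zip": b"constructed HMI hotfix 17",
}

# Constructed vendor manifest: patch name -> expected SHA-256 hex digest.
# In practice this manifest is fetched over an authenticated channel or is
# itself signed; here it is derived from the sample data above.
VENDOR_MANIFEST = {
    name: hashlib.sha256(data).hexdigest() for name, data in SAMPLE_PATCHES.items()
}

# Hypothetical change-approval register: only patches that completed the
# review process appear here, mapped to a constructed change-ticket id.
APPROVED_PATCHES = {"relay-fw-2.3.1.bin": "CHG-0001"}


@dataclass
class Verdict:
    allowed: bool   # True only if the patch may be installed
    reason: str     # human-readable outcome, suitable for an evidence log
    digest: str     # SHA-256 of the file actually examined


def verify_patch(name, data, manifest, approved):
    """Gate a patch on (1) authenticity via the vendor hash and (2) approval status.

    Order matters: an unapproved but authentic file is reported differently
    from a tampered one so that compliance evidence records the right cause.
    """
    digest = hashlib.sha256(data).hexdigest()
    expected = manifest.get(name)
    if expected is None:
        return Verdict(False, "no vendor manifest entry", digest)
    # Constant-time comparison; digests are short but the habit is cheap.
    if not hmac.compare_digest(digest, expected):
        return Verdict(False, "hash mismatch: file altered or not the vendor's release", digest)
    if name not in approved:
        return Verdict(False, "authentic but not approved for installation", digest)
    return Verdict(True, f"authentic and approved under {approved[name]}", digest)


def evidence_record(asset_id, name, verdict):
    """Build the per-asset evidence entry a compliance report would retain."""
    return {
        "asset": asset_id,
        "patch": name,
        "sha256": verdict.digest,
        "installed": verdict.allowed,
        "outcome": verdict.reason,
    }


if __name__ == "__main__":
    # Constructed scenarios: a good patch, a tampered copy, an unapproved one.
    cases = [
        ("relay-fw-2.3.1.bin", SAMPLE_PATCHES["relay-fw-2.3.1.bin"]),
        ("relay-fw-2.3.1.bin", SAMPLE_PATCHES["relay-fw-2.3.1.bin"] + b"\x00"),
        ("hmi-hotfix-17.zip", SAMPLE_PATCHES["hmi-hotfix-17.zip"]),
    ]
    for name, data in cases:
        v = verify_patch(name, data, VENDOR_MANIFEST, APPROVED_PATCHES)
        print(evidence_record("RELAY-SUB-A-01", name, v))
```

The gate deliberately distinguishes three failure causes (unknown to the vendor, altered, and unapproved) because each calls for a different response: the first two are integrity events worth investigating, while the third is a process gap to close through the approval workflow.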
Overall, Doble PatchAssure is a comprehensive patch management solution that can help utilities meet the requirements of NERC CIP-007-6 R2, maintain the integrity and authenticity of software used on BES Cyber Assets, and protect those assets from cyber threats.
A Transient Cyber Asset (TCA) program can help utilities in several ways:
1. TCAs can provide a secure and controlled method for accessing and controlling bulk electric system (BES) Cyber Assets: TCAs can be equipped with security controls such as encryption, access controls, and device management controls, and can be monitored and managed centrally, which helps ensure that they are used only in a secure and controlled manner.
2. TCAs can help improve the efficiency and effectiveness of utility operations: by giving personnel a secure and convenient way to access and control BES Cyber Assets, TCAs reduce the risk of errors or delays.
3. TCAs can help utilities comply with regulatory requirements such as the NERC CIP standards, which include requirements for the protection of TCAs from cybersecurity risks.
Overall, a TCA program can help utilities improve the security, efficiency, and effectiveness of their operations, and can help them comply with regulatory requirements.
By using solutions like Doble PatchAssure and participating in programs like the Transient Cyber Asset Program, utilities can better mitigate the risk of cyberattacks and protect their operations and customers. These solutions can help utilities secure their OT systems against known vulnerabilities and develop a strong cybersecurity posture to protect against future threats. In addition, utilities can also benefit from following the best practices outlined in the Cybersecurity Framework [7], a set of voluntary, consensus-based, industry-led guidelines developed by the Department of Homeland Security in response to Executive Order 13800 [8].
References:
1. Executive Order 13636, “Improving Critical Infrastructure Cybersecurity”. The White House. (Retrieved on 2023-02-08)
2. Cyberattack on US Pipeline and Its Impact on Oil Prices. iasscore.in. (Retrieved on 2023-02-08)
3. NIST and North American Electric Reliability Corporation Publish Guide for Bulk Electric System Cybersecurity. National Institute of Standards and Technology. (Retrieved on 2023-02-08)
4. US Reliability Standards. North American Electric Reliability Corporation. (Retrieved on 2023-02-08)
5. Doble PatchAssure. Doble. (Retrieved on 2023-02-08)
6. Doble TCA. Doble. (Retrieved on 2023-02-08)
7. Cybersecurity Framework. National Institute of Standards and Technology. (Retrieved on 2023-02-08)
8. Executive Order 13800, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure”. Cybersecurity and Infrastructure Security Agency. (Retrieved on 2023-02-08)