Last month it was a string of severe storms wreaking havoc on the energy grid. The cold weather has passed, but many of today’s grids remain at risk. As a recent report from the government watchdog the Government Accountability Office (GAO) discusses, the distribution systems within the U.S. electrical grid are increasingly vulnerable to cyberattack.
Specifically, the GAO noted that the Department of Energy’s cybersecurity strategy has predominantly focused on generation and transmission systems. The watchdog recommended further attention to the risks facing distribution systems, which carry power directly to customers.
The exposure is growing because the industrial control systems that run distribution networks increasingly incorporate remote access, which can give bad actors a path into them. The distribution systems the report analyzed generally are not covered by federal cybersecurity standards, though some have independently taken steps to address these risks.
There are significant benefits to connected environments. For infrastructure, the obvious ones include the ability to monitor and optimize usage, dynamically reroute power when needed and automatically alert response teams when an incident occurs. However, much as in today’s increasingly connected production environments, avoiding cyber incidents is a serious problem that requires regular attention.
As technologies evolve and operational technology (OT) embraces connectivity to the internet, one problem that has emerged is that the staff overseeing OT is often different from the staff handling IT processes, explains Cynthia Gonzalez, product marketing manager at Exabeam, in a statement.
“When OT is outsourced or has industrial IoT (IIoT) devices deployed over a wide geography, IT may be fundamentally blind to those devices, without authority over the information needed to manage security from a single or centralized view,” she says. “It is no wonder, then, that OT systems are often overlooked in essential security practices like monitoring for suspicious activity. Additionally, OT devices often have vulnerability issues baked into their design, and with multiple staff managing them on a day-to-day basis, the devices are prone to neglect. These factors create an environment that is ripe for malicious attackers who troll on weakness.”
Of course, effectively detecting an attack on IIoT and OT requires baseline security monitoring of all devices in the OT system. “However, monitoring these devices is a specialized task and requires expertise in OT protocols,” says Gonzalez. “Organizations without OT protocol expertise can use a third-party device monitoring solution, and these solutions frequently integrate with external sources for analytics and response automation, such as a modern security analytics and automation platform, providing a consolidated view across IIoT, IT and OT device types.”
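The baseline monitoring Gonzalez describes is, at its simplest, learning which hosts normally talk to which controllers and which of them are allowed to issue writes, then alerting on departures, including the remote-access sessions the GAO report worries about. The example below is added here to show that logic on constructed Modbus-style connection records; it is not Exabeam’s code or anything from the GAO report. The log format, addresses and hostnames are assumptions made for the example; the write function codes 5, 6, 15 and 16 are the standard Modbus write operations.

```python
"""Baseline-then-alert monitoring over OT connection records.

Added illustration, not Exabeam's code or anything from the GAO report.
The record format ("ts src dst fc=N") is invented for this example; a real
deployment would consume records from a passive OT network sensor or a
protocol-aware collector rather than a text file.
"""
from collections import defaultdict
from dataclasses import dataclass

# Modbus function codes that change controller state (single/multiple coil and
# register writes). Reads (e.g. fc=3) only observe state.
MODBUS_WRITE_CODES = {5, 6, 15, 16}


@dataclass(frozen=True)
class Event:
    ts: str
    src: str   # client (HMI, engineering workstation, remote-access host)
    dst: str   # PLC / RTU
    fc: int    # Modbus function code


def parse(lines):
    """Parse constructed 'ts src dst fc=N' records; skip malformed lines instead of crashing."""
    events = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[3].startswith("fc="):
            continue
        try:
            events.append(Event(parts[0], parts[1], parts[2], int(parts[3][3:])))
        except ValueError:
            continue
    return events


def build_baseline(events):
    """Learn, per controller, which sources talk to it and which of them issue writes."""
    talkers = defaultdict(set)
    writers = defaultdict(set)
    for e in events:
        talkers[e.dst].add(e.src)
        if e.fc in MODBUS_WRITE_CODES:
            writers[e.dst].add(e.src)
    return {"talkers": dict(talkers), "writers": dict(writers)}


def detect(events, baseline):
    """Return (ts, kind, src, dst, fc) alerts for traffic that departs from the baseline.

    A write from a host never seen on that controller is the most severe case and
    is reported once, not as two separate alerts.
    """
    alerts = []
    for e in events:
        is_write = e.fc in MODBUS_WRITE_CODES
        known_src = e.src in baseline["talkers"].get(e.dst, set())
        known_writer = e.src in baseline["writers"].get(e.dst, set())
        if not known_src:
            kind = "write-from-unknown-source" if is_write else "unknown-source"
        elif is_write and not known_writer:
            kind = "unexpected-write"
        else:
            continue
        alerts.append((e.ts, kind, e.src, e.dst, e.fc))
    return alerts


# Constructed learning-period traffic: 10.10.1.5 (HMI) reads and writes two PLCs,
# 10.10.1.6 (historian) only reads.
BASELINE_LOG = """
2024-03-01T08:00:00Z 10.10.1.5 10.10.2.20 fc=3
2024-03-01T08:00:05Z 10.10.1.5 10.10.2.20 fc=16
2024-03-01T08:00:10Z 10.10.1.6 10.10.2.20 fc=3
2024-03-01T08:01:00Z 10.10.1.5 10.10.2.21 fc=3
2024-03-01T08:01:05Z 10.10.1.5 10.10.2.21 fc=6
""".strip().splitlines()

# Constructed later traffic: a historian that suddenly writes, an external address
# writing to a PLC, one normal write, and one malformed record.
NEW_LOG = """
2024-03-08T02:13:00Z 10.10.1.6 10.10.2.20 fc=3
2024-03-08T02:13:07Z 10.10.1.6 10.10.2.20 fc=6
2024-03-08T02:14:30Z 203.0.113.7 10.10.2.21 fc=16
2024-03-08T02:15:00Z 10.10.1.5 10.10.2.20 fc=16
garbage line
""".strip().splitlines()


def run_demo():
    """Build the baseline from the learning period and evaluate the new records."""
    baseline = build_baseline(parse(BASELINE_LOG))
    return detect(parse(NEW_LOG), baseline)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The baseline here is purely positional (who talks to whom, and who writes); a production monitor would also track timing, register ranges and session counts, and would need to re-learn after legitimate engineering changes rather than treating every new host as hostile. The point of the separation between a learning period and an alerting period is that OT traffic is regular enough for a learned allow-list to be a meaningful detector, which is rarely true of general IT traffic.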