The evolution of technology in energy and utility operations brings incredible opportunities, as well as risks. The number of cyberattacks in the United States doubled last year, with hackers targeting power grids, gas lines and electric utilities. This doesn’t even include the 6,000 percent spike in ransomware emails, which extracted more than $1 billion from businesses and caused an additional $75 billion in operational downtime costs (averaging two days per attack).
With all the publicity around infected email and ransomware, the reality is that the risk landscape is much broader. Digital transformation in energy and utility operations comes with inherent hazards. The good news is that the technology allows more users in more places. The bad news is that the technology allows more users in more places. People accessing your systems are no longer confined within the secured walls of one building: whether from a substation, a branch office or a customer center, information is shared via the cloud and accessed from both company and personal devices. The number of applications and devices accessed on a daily basis is also growing. On average, the typical worker uses three or more different devices to access company information, and 75 percent say they’ve experienced an attack on at least one of their devices in the past year.
These endpoint devices are becoming increasingly difficult to defend. Mobile devices, cloud data and user behavior are all critical to address. So, what’s an energy or utility provider to do? What are the best practices to protect information and ensure operations aren’t compromised? Direct, multilayer threat protection is the best way to protect your operations and keep them running efficiently.
Multilayer threat protection is best explained in the form of a workplace security stack, focusing on eight areas of protection. Historically, managers have applied security to one or more levels, but not edge-to-edge, end-to-end. Edge-to-edge, end-to-end security requires that all eight layers be protected:
- Endpoint management – monitoring and proactive/automated remediation for end user devices, whether mobile or in the office.
- Advanced malware protection – detection, containment and removal of threats across all endpoints.
- Secure remote access – secure connections to the enterprise network by any device, at any time or location.
- Secure internet gateway – blocking malicious destinations before connections are established.
- Apple/iOS security – advanced protection for iOS devices over wired, wireless and cellular networks.
- Mobility management – single sign-on access to business applications, based upon the user’s persona.
- Identity management – visibility and dynamic control of users and devices accessing wired, wireless and VPN connections.
- Next generation firewalls – unified threat management with integrated firewall, IPS, content filtering, and advanced malware protection.
Many endpoint solutions claim to block 99 percent of all threats. With that level of effectiveness, why should you worry about anything else? The reason is the remaining 1 percent of threats, which tend to be the most disruptive and costly to your operations.
For advanced malware protection, the focus is on three things: how to prevent, how to detect and how to reduce risk. Prevention uses antivirus, fileless-malware protection and cloud lookups. Detection uses static analysis, sandboxing, malicious-activity protection and machine learning. Risk reduction means identifying vulnerable applications, spotting low-prevalence files (an executable seen on only one or two hosts in the fleet is far more suspicious than one seen everywhere) and analyzing proxy logs.
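The following is an added example, not code from the original article or from any vendor product, showing how the last two risk-reduction techniques above (low-prevalence files and proxy log analysis) can be combined. It parses constructed web proxy log lines (timestamp, client host, action, destination, path, SHA-256 of any downloaded file, with hashes shortened for readability), counts how many distinct hosts downloaded each executable and contacted each destination, and flags executables whose hash appears on at most `max_hosts` machines. The log format, field names and thresholds are assumptions chosen for illustration.

```python
"""Low-prevalence executable analysis over web proxy logs (added example)."""
from collections import defaultdict

# File types treated as executable content worth a second look.
EXECUTABLE_SUFFIXES = (".exe", ".msi", ".dll", ".scr", ".ps1", ".bat", ".jar")

# Constructed sample log (not real traffic). Fields:
#   timestamp  client_host  action  destination  path  sha256_of_download_or_-
# Hashes are shortened placeholders; three ops workstations pull the same
# signed agent update, one substation host pulls a lone "invoice_scan.exe",
# and the last line is deliberately malformed to exercise the parser.
SAMPLE_LOG = """\
2024-03-01T08:01:12Z ws-ops-01 ALLOW updates.example-vendor.com /patches/agent-7.2.msi a1b2c3d4e5f60718
2024-03-01T08:01:15Z ws-ops-02 ALLOW updates.example-vendor.com /patches/agent-7.2.msi a1b2c3d4e5f60718
2024-03-01T08:01:21Z ws-ops-03 ALLOW updates.example-vendor.com /patches/agent-7.2.msi a1b2c3d4e5f60718
2024-03-01T08:02:04Z ws-hr-03 ALLOW docs.example.org /forms/benefits.pdf 9e8d7c6b5a403f2e
2024-03-01T08:03:40Z ws-sub-07 ALLOW cdn-files.example.net /dl/invoice_scan.exe b7e3c9a1f0d24e5c
2024-03-01T08:03:41Z ws-sub-07 ALLOW cdn-files.example.net /dl/update.php -
2024-03-01T08:05:02Z ws-ops-01 ALLOW www.example.com /news -
2024-03-01T08:05:09Z ws-hr-03 ALLOW www.example.com /news -
2024-03-01T08:06:00Z ws-sub-07 BLOCK tracker.example-bad.test /c2 -
garbled line without enough fields
"""


def parse_proxy_log(text):
    """Parse whitespace-separated proxy lines into dicts; skip malformed lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # truncated or garbled line: skip rather than guess
        ts, host, action, dest, path, sha256 = fields
        records.append({"ts": ts, "host": host, "action": action,
                        "dest": dest, "path": path, "sha256": sha256})
    return records


def prevalence(records):
    """Map each file hash and each destination to the set of client hosts seen."""
    hosts_by_hash = defaultdict(set)
    hosts_by_dest = defaultdict(set)
    for r in records:
        hosts_by_dest[r["dest"]].add(r["host"])
        if r["sha256"] != "-":  # '-' means no file body was hashed
            hosts_by_hash[r["sha256"]].add(r["host"])
    return hosts_by_hash, hosts_by_dest


def is_executable(path):
    return path.lower().endswith(EXECUTABLE_SUFFIXES)


def find_low_prevalence(records, max_hosts=2):
    """Return executables downloaded by at most `max_hosts` distinct hosts.

    Each finding carries the hosts involved and how many hosts in total
    talked to the serving destination, so an analyst can see at a glance
    whether the file *and* the source are rare in the environment.
    Results are ordered rarest first.
    """
    hosts_by_hash, hosts_by_dest = prevalence(records)
    findings = {}
    for r in records:
        sha256 = r["sha256"]
        if sha256 == "-" or not is_executable(r["path"]):
            continue
        if len(hosts_by_hash[sha256]) > max_hosts:
            continue  # widely seen: likely a sanctioned package
        findings[sha256] = {
            "sha256": sha256,
            "path": r["path"],
            "dest": r["dest"],
            "hosts": sorted(hosts_by_hash[sha256]),
            "dest_hosts": len(hosts_by_dest[r["dest"]]),
        }
    return sorted(findings.values(), key=lambda f: (len(f["hosts"]), f["sha256"]))


if __name__ == "__main__":
    for f in find_low_prevalence(parse_proxy_log(SAMPLE_LOG)):
        print(f"{f['sha256']}  {f['dest']}{f['path']}  hosts={f['hosts']}  "
              f"dest seen on {f['dest_hosts']} host(s)")
```

Run against the constructed log, only `invoice_scan.exe` from `cdn-files.example.net` is reported: the vendor update was pulled by three hosts and the PDF is not executable content. Raising `max_hosts` shows how the threshold trades noise for coverage; in a real deployment the prevalence should be computed over the whole fleet and a long time window, and the hash should be enriched with a cloud lookup before anyone acts on it.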
Another major hazard is presented by the cloud. Users and applications have adapted to the cloud, and with 82 percent of users admitting they don’t use a VPN, security controls must shift to the cloud as well. Look to two areas of the workplace security stack, secure remote access and the secure internet gateway, to protect those accessing cloud data. This blocks malicious destinations wherever users go, even off VPN.
iOS devices also need security protection. Traditionally considered a safe haven, iOS devices are now targeted and vulnerable to attack, just like other devices. Giving Apple devices the same security attention in your plan as Android, Windows and SaaS applications will help address some of the remaining threats.
Identity management refers to the user – who they are and whether or not you want to provide them access. A best practice is a single point of identity and access management for all endpoints across the network, both wireless and wired. This will offer:
- Profiling – who is the user, what device, where?
- Posture assessment – is the device clean? Antivirus up to date?
- Quarantining until the device meets minimum standards.
- Access granted based upon role, device, time, location, application, etc.
- Guest – simplified self-service access.
- Real-time view and analysis of all users and traffic.
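As an added example (not code from the article or from any vendor’s identity product), the policy logic behind the list above can be written out as a small decision function: profile the request, check posture against a minimum standard, quarantine on any failure, and only then grant a scope based on role, device type, location, connection and time. The attribute names, thresholds, roles and network scopes are assumptions chosen for illustration.

```python
"""Posture-based network access decision (added example)."""
from dataclasses import dataclass

# Assumed minimum device standard (illustrative values).
MAX_SIGNATURE_AGE_DAYS = 7
MAX_PATCH_AGE_DAYS = 30

# Assumed role policy: the network scope each role receives at each location.
ROLE_POLICY = {
    "ops-engineer": {"substation": "ot-engineering", "branch": "corporate", "remote": "corporate"},
    "office-staff": {"substation": "corporate", "branch": "corporate", "remote": "corporate"},
}
# Assumed window (local hours, end exclusive) during which VPN access is allowed.
VPN_HOURS = (6, 22)


@dataclass(frozen=True)
class Endpoint:
    """What profiling learns about one access request."""
    user: str
    role: str               # from the directory: "ops-engineer", "office-staff", "guest"
    device_type: str        # "corporate-laptop", "byod-phone", "guest-device"
    connection: str         # "wired", "wireless", "vpn"
    location: str           # "substation", "branch", "remote"
    hour: int               # local hour (0-23) of the request
    av_running: bool = True
    av_signature_age_days: int = 0
    os_patch_age_days: int = 0
    disk_encrypted: bool = True


def profile(ep):
    """Profiling: who is asking, from what, over what, from where (for the audit log)."""
    return f"{ep.user}/{ep.role} on {ep.device_type} via {ep.connection} at {ep.location}"


def posture_failures(ep):
    """Posture: every way the device misses the minimum standard (empty list = clean)."""
    failures = []
    if not ep.av_running:
        failures.append("antivirus not running")
    if ep.av_signature_age_days > MAX_SIGNATURE_AGE_DAYS:
        failures.append(f"antivirus signatures {ep.av_signature_age_days} days old")
    if ep.os_patch_age_days > MAX_PATCH_AGE_DAYS:
        failures.append(f"OS patches {ep.os_patch_age_days} days old")
    if not ep.disk_encrypted:
        failures.append("disk not encrypted")
    return failures


def decide(ep):
    """Return (decision, scope, reasons).

    Order matters: guests get self-service internet only; unknown roles are
    denied; a failed posture check quarantines the device to a remediation
    network before any role is considered; personal devices never reach the
    OT scope; VPN access is limited to the permitted hours. Anything not
    explicitly allowed is denied.
    """
    if ep.role == "guest":
        return ("allow", "guest-internet-only", ["self-service guest access"])
    if ep.role not in ROLE_POLICY:
        return ("deny", None, [f"unknown role {ep.role!r}"])
    failures = posture_failures(ep)
    if failures:
        return ("quarantine", "remediation-only", failures)
    if ep.device_type.startswith("byod"):
        return ("allow", "byod-apps-only", ["personal device: business applications only"])
    scope = ROLE_POLICY[ep.role].get(ep.location)
    if scope is None:
        return ("deny", None, [f"no policy for location {ep.location!r}"])
    if ep.connection == "vpn" and not (VPN_HOURS[0] <= ep.hour < VPN_HOURS[1]):
        return ("deny", None, [f"VPN access at {ep.hour:02d}:00 is outside permitted hours"])
    return ("allow", scope, ["posture ok", f"role {ep.role} at {ep.location}"])


if __name__ == "__main__":
    requests = [
        Endpoint("alice", "ops-engineer", "corporate-laptop", "wired", "substation", 9),
        Endpoint("alice", "ops-engineer", "corporate-laptop", "wired", "substation", 9,
                 av_signature_age_days=12),
        Endpoint("bob", "ops-engineer", "byod-phone", "wireless", "branch", 14),
        Endpoint("visitor", "guest", "guest-device", "wireless", "branch", 11),
        Endpoint("carol", "office-staff", "corporate-laptop", "vpn", "remote", 23),
    ]
    for ep in requests:
        decision, scope, reasons = decide(ep)
        print(f"{profile(ep)} -> {decision} [{scope}] {'; '.join(reasons)}")
```

The point of the ordering is that a stale antivirus signature on an ops engineer’s laptop lands it in a remediation-only network even though the role would otherwise earn the engineering scope, and a personal phone never reaches that scope at all. In a real deployment the profile fields come from the directory, the device agent and the switch or wireless controller, and the “scope” maps to a VLAN or downloadable ACL pushed to the network edge.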
Implementation of next generation firewalls completes the multilayer threat protection, delivering integrated threat defense across the entire attack spectrum.
With more and more technology being utilized in energy and utility operations, cybersecurity should be on the mind of every CTO, CEO and board member. When we talk about cybersecurity failings, we mostly think about data breaches. Although they are a significant issue, cybersecurity in the energy sector reaches further, into an area of greater concern. As attacks on critical infrastructure have surged, we’re reminded that, while loss of data is concerning, the loss of electricity is catastrophic to both business and society.
About the Author
Louie Belt is the U.S. Principal Solutions Architect for Getronics. He specializes in advanced technologies and security, with expertise in SD-WAN, SD-Access (Cisco DNA Architecture), Unified Communication and Collaboration, ACI (Network and Application Centric), Wireless, Mobility, Cisco Security including ISE, Firepower, etc. Louie holds a Bachelor of Science degree in Engineering Physics and resides in Nashville TN.