Energy cybersecurity has been in the news since the successful 2015 attack on a Ukrainian utility. In 2021 a major conduit for oil to the southern United States, the Colonial Pipeline, shut down to limit damage from a ransomware attack. This multi-phase energy cybersecurity attack involved data theft, service interruption and financial loss. It was the largest US attack so far.
Every business is mindful of cybersecurity. But the impact is perhaps highest with energy cybersecurity. The unique breadth of potential risk (to the economy, public safety, business operations, and the environment) makes cybersecurity a top concern for every power and utility company. As operating technology becomes more digitally integrated, energy cybersecurity rises to a top-line issue.
Threats to cybersecurity in the power sector are increasing around the globe. The energy sector and US government have moved quickly to improve cybersecurity for energy and utilities. Attacks may be simple or multi-phase attempts to maximize profit. At the same time, the number of threat actors is increasing—and adapting.
Multi-stage attacks, like the Colonial Pipeline breach, steal credentials to obtain valuable data, then deploy ransomware. This multiplies financial damage exponentially, making cybersecurity for energy and utilities many times as valuable. Ransomware is the top threat across the globe, representing 23% of attacks.
Cybersecurity for energy and utilities is focused on ICS attacks, a growing danger to national security and public safety. In the first half of 2021, a growing number of flaws in ICS products from major companies were reported; 70% of those were rated as critical or high severity. Whatever the flaw, an attacker is looking to exploit it for profit.
Threat actors gain access by breaching weaknesses in trusted relationships with third-party partners. This increases risk to the target company and widens the strike zone. In the Ukraine attack, damage and financial harm crippled companies as far away as the US. For energy and utilities, cybersecurity is more essential every day.
Threat actors targeting ICS and third-party opportunities are among the greatest threats to cybersecurity for energy and utilities. The stakes are high, given the potential harm to communities and countries when the power grid is attacked. Every power plant and utility should follow energy cybersecurity best practices to limit the risk of cyberattacks.
Cybersecurity for power plants faces a complex web of risk surrounding the sector. Every link in the supply chain must be secured, as components from different vendors carry potential flaws that open systems to attacks. By mid-2021, more than 600 ICS flaws were identified across 76 ICS vendors, up from 449 in the second half of 2020.
Effective energy cybersecurity safeguards, educates, and evaluates risk. Employees, among a company’s most valued assets, are often targets of attacks, as are trusted vendors. Training is critical to empower them to prevent attacks. Processes connecting trusted companies must be reviewed for flaws that could expose credentials and systems.
Cybersecurity in the power sector is not only security’s job, but also the responsibility of every employee. Energy cybersecurity awareness training for all is step one. Specialized training for employees in high-risk areas, such as IT or OT, is vital. Seek confirmation that employees of trusted partners are trained to mitigate risk as well.
Energy cybersecurity requires a 24/7 monitoring solution to deliver alerts as incidents or failures occur. Early detection can limit system and financial impact and help restart operations more quickly. With continuous monitoring, AmeriGas recently detected and stopped a data breach in eight seconds.
Cybersecurity in the power sector is where IT and OT intersect—prevention must encompass both functions. Separate high-risk processes from day-to-day business processes. Upgrade IT systems, monitor security patches and build redundant systems to help with recovery. Plan for alternative vendors in case a partner experiences an attack.
GE Gas Power advocates for good risk management and strong cybersecurity for energy and utilities around the globe. GE Gas Power offers Guardian*, a cybersecurity monitoring solution that provides high-level insight into operational control networks, IT, and cloud assets, along with rapid detection of cyber threats and disruptions.
GE, in an industry first, has used an inventive approach to supply chain security, using TPM (Trusted Platform Module) processes to help deliver a secure, reliable supply chain experience for customers. In addition, our Power Patch Validation Program keeps control system environments up to date from a security perspective, so operational technology environments maintain their integrity and high performance levels.
* Guardian is a registered trademark of Nozomi Networks.