Stakes are high when the energy sector is targeted by cybercriminals. Community health and safety could be threatened, and economic losses could be severe.
Cyberattacks against industrial control systems (ICS) in the energy sector are on the rise. Systems can be exposed through inadvertent human error or technical vulnerabilities in diverse components within the ICS. Our recommended security practices can mitigate your plant’s cyber risk.
Update software and systems as soon as improvements are issued
Threat actors often wage successful attacks by exploiting vulnerabilities in an ICS network. Prevent low effort, high damage cyberattacks—be vigilant in updating application software and operating systems that keep your plant running. Monitor, upgrade, and track patches for ICS components. Best practice is to apply fixes upon release, not on a schedule, which could create high risk gaps.
So many ways in—limit power plant ICS access
ICSs are complex networks that enable diverse functions. Within that web lies risk of cyberattack—through access, tools, points of contact. Help minimize risk to your power plant by limiting access to the ICS. Know and secure network connections—remove any that are outdated. Thoroughly review ports, services, and protocols to eliminate unneeded elements. Limit who has ICS access, and train them to prevent risk factors.
Monitor and assess plant ICS security with rapid detection
Cybersecurity for power plants requires 24/7 oversight. Even a brief attack can have real-world impacts on OT systems and plant assets. Therefore, constant monitoring of the ICS and almost instant detection of issues are essential. A core cybersecurity toolset includes a security solution that performs ongoing traffic monitoring, analysis of system activity and rapid notification of cyberattacks.
ICS cybersecurity training is prevention in action
With the intense focus on cybersecurity, it’s surprising that many incidents occur through lack of message integrity or poor security policy enforcement. These performance loopholes can be closed with plant-wide training. Ensure essential resources are available for ICS security training of IT and OT professionals, as well as risk awareness and prevention for the full employee population.
Test and audit your security: your target is still moving
So, your plant’s cybersecurity is on top of the best practices above—great. In truth, as soon as you enact a security measure, cybercriminals start probing for weakness. An ongoing response plan to test every aspect of ICS cybersecurity is required to spot and stop every possible vulnerability. Regular security audits of your OT systems, tools, and policies will help close that loop.
Mitigate threats with a power plant cybersecurity solution
So much of your power plant’s cybersecurity integrity is in your hands, but you can’t be everywhere at all hours of the day and night. GE Gas Power can team up with you on a solution to help ensure a watchful eye is at work on your behalf 24/7/365.
Guardian* from GE
From cyberattacks to control network operational disruptions, Guardian* from GE responds powerfully, with multi-faceted capabilities for detecting ICS threats, employing behavioral analysis and artificial intelligence-powered risk assessment. This solution provides real-time monitoring of ICS system activity and alerts you with rapid threat response capability. Guardian* is a true, full-time cybersecurity defense system.
Guardian’s proven capabilities help power generators improve reliability, safety, cyber security, and operational efficiency in ICS environments. Once deployed, Guardian* automatically discovers OT network topologies and connected devices. The solution develops security and process profiles, and monitors systems continuously to detect anomalies and unexpected changes. Rapid threat detection, automatic protection, and easy integration: it’s all built into Guardian* from GE.
Patch Validation program
A power plant is never truly cybersecure without management of patches and upgrades. Patch Validation tests in environments like yours. We identify relevant patches and deliver easy-to-install packages through a secure portal for host or network-based deployment. GE Gas Power’s comprehensive Patch Validation service provides security and reliability within your budget.
Baseline Security Center
As the energy sector refines systems to make OT more secure, threat actors probe for vulnerabilities. Continual management and evolving expertise are needed. GE Gas Power’s Baseline Security Center delivers a full service security capability without the complexity and cost of building a team of experts.
Streamline the full suite of security capabilities in a single pre-integrated platform to help your team better control security of your OT environment.
Contact GE Gas Power today—we can help with the right system to fit your power plant’s configurations.
* Guardian is a registered trademark of Nozomi Networks.
Contact us
Want to learn more?
