Risk Landscape: Cybersecurity for energy & utility operations

15 Mar 2019

By Louie Belt

The evolution of technology in energy and utility operations brings incredible opportunities, as well as risks. The number of technology attacks in the United States doubled last year - hackers targeted power grids, gas lines, and electric utilities. This doesn’t even include the 6000 percent spike in ransomware emails, extracting more than $1 billion from businesses, plus an additional $75 billion in costs from operational downtime (averaging two days per attack). 

With all the publicity on the security threats from infected email and ransomware, the reality is that the risk landscape is much broader. Digital transformation in energy and utility operations comes with inherent hazards. The good news is that technology allows more users in more places. The bad news is that technology allows more users in more places. People accessing your system are no longer limited to the secured walls of one building; whether a substation, branch office, or customer center, information is shared via the cloud, and accessed from both company and personal devices. The number of devices and applications being utilized on a daily basis is also growing. On average, the typical worker will use three or more different devices to access company information; 75 percent say they’ve experienced attacks on at least one of their devices within the last year. 

These endpoint devices are becoming increasingly more difficult to defend. Mobile devices, cloud data, and user behavior are critical to address. So, what’s an energy or utility provider to do? What are the best practices to protect information and ensure operations aren’t compromised? Direct, multilayer threat protection is the best way to protect your operations and keep them running efficiently. 

Multilayer threat protection is best explained in the form of a workplace security stack, focusing on 8 areas of protection. Historically, managers have applied security to one or more levels, but not edge-to-edge, end-to-end security. End-to-end protection requires that all 8 layers be covered, including the following:

1. Endpoint management: monitoring and proactive/automated remediation for end user devices, whether mobile or in office.

2. Advanced malware protection: detection, containment, and removal of threats across all endpoints.

3. Secure remote access: secure connections to the enterprise network by any device, at any time or location.

4. Secure internet gateway: blocking malicious destinations before connections are established.

5. Apple/iOS security protection: advanced protection for iOS devices over wired, wireless, and cellular networks.

6. Mobility management: single sign-on access to business applications, based upon the user's persona.

7. Identity management: visibility and dynamic control of users and devices accessing wired, wireless, and VPN connections.

8. Next generation firewalls: unified threat management with integrated firewall, IPS, content filtering, and advanced malware protection.

Many endpoint solutions claim to block 99 percent of all threats. With that level of effectiveness, why should you worry about anything else? The reason is the remaining 1 percent of threats – which tend to be the most disruptive and costly to your operations.

For advanced malware protection, the focus is on how to prevent, detect, and reduce risk. We can prevent with antivirus, file-less malware detection, and cloud lookups. To detect, we can use static analysis, sandboxing, malicious activity protection, or machine learning. And to reduce risk, we identify vulnerable applications and perform low-prevalence and proxy log analysis.
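The "reduce risk" step above, low-prevalence and proxy log analysis, is easy to show in code. The following is an added example, not code from the article or from Getronics: it reads constructed endpoint execution records and proxy log lines (hostnames, hashes, and domains are made up), flags binaries that ran on only a few hosts and destinations that only a few hosts contacted, and correlates the two to produce a short list of hosts worth a closer look. The record formats and the `max_hosts` threshold are assumptions for the example.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample telemetry for this example only; the hostnames, hashes
# and domains are invented and do not refer to real systems.
ENDPOINT_EXECUTIONS = """\
ws01 sha256=1111aaaa name=outlook.exe
ws02 sha256=1111aaaa name=outlook.exe
ws03 sha256=1111aaaa name=outlook.exe
ws04 sha256=1111aaaa name=outlook.exe
ws01 sha256=2222bbbb name=scada_client.exe
ws02 sha256=2222bbbb name=scada_client.exe
ws03 sha256=2222bbbb name=scada_client.exe
ws04 sha256=9999ffff name=update_helper.exe
ws04 sha256=3333cccc name=notepad.exe
ws02 sha256=3333cccc name=notepad.exe
"""

PROXY_LOG = """\
2019-03-15T10:01:02 ws01 GET https://mail.example.com/inbox 200
2019-03-15T10:01:05 ws02 GET https://mail.example.com/inbox 200
2019-03-15T10:02:11 ws03 GET https://mail.example.com/inbox 200
2019-03-15T10:02:40 ws04 GET https://mail.example.com/inbox 200
2019-03-15T10:03:09 ws01 GET https://updates.example.net/patch 200
2019-03-15T10:03:10 ws03 GET https://updates.example.net/patch 200
2019-03-15T10:07:55 ws04 POST https://cdn-check.example.org/beacon 200
2019-03-15T10:08:01 ws04 POST https://cdn-check.example.org/beacon 200
"""


def parse_executions(text):
    """Map each binary hash to the hosts that ran it and the file names it used."""
    by_hash = defaultdict(lambda: {"hosts": set(), "names": set()})
    for line in text.splitlines():
        if not line.strip():
            continue
        host, sha_field, name_field = line.split()
        sha = sha_field.split("=", 1)[1]
        by_hash[sha]["hosts"].add(host)
        by_hash[sha]["names"].add(name_field.split("=", 1)[1])
    return by_hash


def low_prevalence_binaries(text, max_hosts=1):
    """Binaries seen on at most max_hosts endpoints: rare code deserves a look."""
    flagged = []
    for sha, info in parse_executions(text).items():
        if len(info["hosts"]) <= max_hosts:
            flagged.append((sha, sorted(info["names"]), sorted(info["hosts"])))
    return sorted(flagged)


def rare_destinations(text, max_hosts=1):
    """Domains contacted by at most max_hosts endpoints in the proxy log."""
    by_domain = defaultdict(set)
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, host, _method, url, _status = line.split()
        by_domain[urlparse(url).hostname].add(host)
    return sorted((d, sorted(h)) for d, h in by_domain.items() if len(h) <= max_hosts)


def hosts_to_investigate(exec_text, proxy_text, max_hosts=1):
    """Hosts that both ran a rare binary and talked to a rare destination."""
    exec_hosts = {h for _, _, hs in low_prevalence_binaries(exec_text, max_hosts) for h in hs}
    proxy_hosts = {h for _, hs in rare_destinations(proxy_text, max_hosts) for h in hs}
    return sorted(exec_hosts & proxy_hosts)


if __name__ == "__main__":
    print("rare binaries:", low_prevalence_binaries(ENDPOINT_EXECUTIONS))
    print("rare destinations:", rare_destinations(PROXY_LOG))
    print("investigate:", hosts_to_investigate(ENDPOINT_EXECUTIONS, PROXY_LOG))
```

On the constructed data, `update_helper.exe` appears on a single host and `cdn-check.example.org` is contacted by that same host, so `ws04` is the one endpoint the correlation surfaces. Raising `max_hosts` widens the net at the cost of more noise; the threshold should scale with the size of the fleet being analysed.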

Another major hazard is presented by the cloud. Users and applications have adapted to the cloud; so must security. With 49 percent of the workforce now mobile, and 82 percent admitting they don't use a VPN, security controls must shift to the cloud. Look to two areas of the workplace security stack, secure remote access and secure internet gateway, to protect those accessing cloud data. Together they block malicious destinations for users wherever they go, even off VPN.

iOS devices also need security protection. Traditionally considered a safe haven, iOS devices are now targeted and vulnerable to attacks, just like other devices. Giving Apple devices the same security attention in your security plan as Android, Windows, and SaaS applications will help address some of the remaining threats.

Identity management refers to the user – who they are and whether or not you want to provide them access. A best practice is a single point of identity and access management for all end points across the network, both wireless and wired. This will offer:

  • Profiling: who is the user, what device, where?
  • Posturing: is the device clean? Antivirus up to date?
  • Quarantining until the device meets minimum standards.
  • Access granted based upon role, device, time, location, application, etc.
  • Guest: simplified self-service access.
  • Real-time view and analysis of all users and traffic.
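The profile, posture, quarantine, and access steps listed above form one decision pipeline, which the following added example makes concrete. This is not code from the article or any Getronics or Cisco product; it is a small policy evaluator written for this page. The roles, VLAN names, locations, the 7-day antivirus signature limit, and the business-hours rule are all hypothetical values chosen for illustration.

```python
from dataclasses import dataclass, field
from typing import List

# Hypothetical policy settings for this example; tune them to your own environment.
MAX_AV_SIGNATURE_AGE_DAYS = 7            # posture: older signatures fail the check
REMEDIATION_VLAN = "vlan-quarantine"     # restricted network used until compliant
GUEST_VLAN = "vlan-guest-internet"       # internet-only segment for guests
ROLE_VLANS = {"ot-engineer": "vlan-ot-engineering", "finance": "vlan-corp-finance"}
SITE_ROLES = {                           # which roles may connect from which location
    "substation": {"ot-engineer"},
    "branch-office": {"ot-engineer", "finance"},
    "remote-vpn": {"ot-engineer", "finance"},
}
BUSINESS_HOURS = range(6, 22)            # finance access is limited to these hours


@dataclass
class Session:
    """One access attempt, as assembled by the profiling step (who, what device, where)."""
    user: str
    role: str                 # from the identity store
    device_type: str
    connection: str           # "wired", "wireless" or "vpn"
    location: str
    hour: int                 # local hour of the attempt
    av_signature_age_days: int
    os_patched: bool
    is_guest: bool = False


@dataclass
class Decision:
    action: str               # "allow", "quarantine", "guest" or "deny"
    vlan: str
    reasons: List[str] = field(default_factory=list)


def evaluate(s: Session) -> Decision:
    """Apply guest, posture, then role/location/time rules, in that order."""
    if s.is_guest:
        return Decision("guest", GUEST_VLAN, ["self-service guest; internet only"])

    # Posturing: is the device clean and up to date?
    failures = []
    if s.av_signature_age_days > MAX_AV_SIGNATURE_AGE_DAYS:
        failures.append(f"antivirus signatures {s.av_signature_age_days} days old")
    if not s.os_patched:
        failures.append("operating system missing required patches")
    if failures:
        # Quarantine: restricted VLAN until the device meets minimum standards
        return Decision("quarantine", REMEDIATION_VLAN, failures)

    # Access granted based on role, location and time
    if s.role not in SITE_ROLES.get(s.location, set()):
        return Decision("deny", "none", [f"role {s.role} not permitted at {s.location}"])
    if s.role == "finance" and s.hour not in BUSINESS_HOURS:
        return Decision("deny", "none", [f"finance access outside business hours (hour {s.hour})"])
    return Decision("allow", ROLE_VLANS[s.role],
                    ["posture compliant", f"{s.role} permitted at {s.location}"])


# Real-time view: every decision is recorded so users and traffic can be analysed.
AUDIT_LOG: List[dict] = []


def admit(s: Session) -> Decision:
    d = evaluate(s)
    AUDIT_LOG.append({"user": s.user, "device": s.device_type, "connection": s.connection,
                      "location": s.location, "action": d.action, "vlan": d.vlan})
    return d


# Constructed sample sessions; the users and devices are invented.
SAMPLE_SESSIONS = [
    Session("alice", "ot-engineer", "laptop", "wired", "substation", 9, 2, True),
    Session("bob", "finance", "laptop", "vpn", "remote-vpn", 23, 1, True),
    Session("carol", "finance", "laptop", "wireless", "branch-office", 10, 30, True),
    Session("dave", "ot-engineer", "phone", "wireless", "substation", 14, 1, False),
    Session("visitor", "", "phone", "wireless", "branch-office", 11, 0, False, is_guest=True),
]


def run_samples() -> List[str]:
    """Admit each sample session and return the resulting actions in order."""
    return [admit(s).action for s in SAMPLE_SESSIONS]


if __name__ == "__main__":
    for s, action in zip(SAMPLE_SESSIONS, run_samples()):
        print(f"{s.user:8} {s.location:14} -> {action}")
```

The ordering matters: posture is checked before role so that a privileged user on an out-of-date laptop is still quarantined rather than admitted on the strength of their role. The audit list stands in for the real-time view a production system would feed into a dashboard or SIEM.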

Implementation of next generation firewalls will complete the multilayer threat protection, delivering integrated threat defense across the entire attack spectrum.

With the increasing technology being utilized in energy and utility operations, cybersecurity should be on the mind of every CTO, CEO, and board member. When we talk about cybersecurity failings, we mostly think about data breaches. Although they are a significant issue, the subject of cybersecurity in the energy sector reaches further, into an area of greater concern. As attacks on critical infrastructure have surged, we're reminded that, while loss of data is concerning, the loss of electricity is catastrophic to both business and society.


Louie Belt is the US Principal Solutions Architect for Getronics. He specializes in advanced technologies and security, with expertise in SD-WAN, SD-Access (Cisco DNA Architecture), Unified Communications and Collaboration, ACI (Network and Application Centric), Wireless, Mobility, Cisco Security including ISE, Firepower, etc.  Louie holds a Bachelor of Science degree in Engineering Physics and resides in Nashville, TN.

Getronics | http://www.getronics.com


Author: Louie Belt
Volume: 2019 March/April