The cyber threat landscape for the utilities sector is constantly expanding to include more complex attacks from nation-state actors and other sophisticated players, who have repeatedly demonstrated their willingness to target essential infrastructure providers. In 2019, more than a dozen US utilities operators across 18 states were targeted when adversaries attempted to install malware on their systems via phishing attempts. The following year, in 2020, the FBI put out a warning to the energy sector, informing them of an imminent threat from Russian APT28 group. As providers of critical national infrastructure, a cyber breach in the utilities sector could cause major disruption to transport, banking, and communications, and millions could lose access to essential services like power and water. With digitization further increasing their attack surface, utilities need to understand the risks at hand and how to minimize them.
Concerns around cybersecurity continue to be at the top of utilities’ agendas, driven by the interconnected nature of infrastructure and systems, increasing regulations, and the rise in attack frequency and complexity. The need to connect a growing range of citizens to essential utility systems and the growth of private consumer data, collected by utilities through smart metering and smart homes, add additional risk and may complicate the compliance process.
By their nature, utilities have to operate a geographically distributed infrastructure; the average top 25 US power company operates across 121 plants with over 94,000 miles of distribution. As utilities’ systems are becoming increasingly connected through sensors and networks, their dispersed nature makes them hard to control. This makes both physical security and cybersecurity challenging, as maintaining visibility across all systems takes considerable time, revenue, and manpower. This is heightened in developing regions and in smaller organizations, where the cost of a robust cybersecurity stack and security team may exceed the revenue made from site operations.
The Internet of things (IoT) has become a key enabler in the modernization of utilities’ infrastructure, improving the efficiency of grids, maintenance, asset management, and allowing for better customer service to the end user. However, IoT can expose utilities to a host of new threats and vulnerabilities – 84% of organizations who have IoT deployments have experienced an IoT-related breach, most commonly as a result of malware. In the past, operational technology (OT) such as SCADA, smart substations, and distribution management, all crucial to utilities, were isolated from external systems, making them difficult to attack. However, as operational systems become more digitized and connected, IT and OT have converged, opening up industrial control systems such as SCADA to further cyber risk. Securing hybrid IT/OT systems means observing all incoming and outgoing traffic to block cyber threats, which traditional security stacks, such as firewalls, are unable to do.
Additionally, extreme weather and natural disasters mean that utilities are in emergency response mode more often than other sectors. This means their security solutions have to be tested and watertight, but flexible enough to adapt to the modern workplace. The remote working boom introduces new cyber risks as facilities are left undermanned and hackers employ social engineering tactics to attack employees as they work from home.
Beyond Reactive Cybersecurity
As utility infrastructures become more interconnected, smart, and decentralized, a centralized approach to securing them is no longer sufficient. Organizations must go beyond reactive security and take a forward-looking approach to threat detection and incident response, with cyber resilience and compliance built in.
At Centripetal, we understand the risks facing utilities organizations, which is why we developed our cyber threat intelligence solution, CleanINTERNET. CleanINTERNET aggregates, manages, and delivers thousands of cyber threat intelligence feeds directly to you, helping to mitigate the risk of non-compliance and the associated reputational damage. CleanINTERNET’s bi-directional traffic analysis and deep packet inspection quickly give you visibility of cyber threats across distributed systems preventing network infiltration and data exfiltration. By acting as an extension of your security team, we bridge the cybersecurity skills gap for your employees, providing strategic intelligence at a fraction of the cost of multiple, disparate threat feeds.