By Tom Ayers
This article appears in the January-February 2015 issue of Public Power magazine.
Cyber attacks against utilities are clearly on the rise. In November 2014, the U.S. Department of Homeland Security Computer Emergency Readiness Team reported 79 known cyber attacks against utilities so far that year.
The good news from this report was that no equipment was damaged and no outages were reported. The bad news was that DHS found embedded malware in electric turbine control system software at a utility in the U.S. Based on these recent, repeated attempts to penetrate utilities, more cyber attacks against the electric grid are certain.
So, how do you know if your utility networks are vulnerable? While a layered approach to security is the traditional defense, a proactive, offensive strategy is needed as well. And while periodic risk assessments can help establish these legacy defensive impediments, they provide little insight into risks that are happening in real time.
Hackers continually evolve the types of attacks launched at utilities. Therefore, you need to be ready to evolve your defenses and remain vigilant. A proactive plan to monitor and alert for threats 24 x 7 is essential. When you know immediately about the types of threats hitting your networks, you have the opportunity to take action before damage occurs.
According to PJ Rehm, Distribution Services Coordinator, ElectriCities of North Carolina, “as utilities modernize, the interoperability between network systems increases risk, causing utilities to realize they need better protection. In the same way smart grid projects (AMI, distribution automation, substation automation) are modernizing utilities, utilities also need to modernize their approach to security.” Rehm stated, “real time alerting to possible attacks and the information to know how to defend against them provides the most value to utilities.”
Turning on the Lights
There are some basic steps you can take to ensure your network infrastructure, distributed assets, and data remain safe from cyber attacks. Continuous monitoring is an essential element of an overall layered cyber security architecture. Continuous monitoring provides visibility into potential risks – before they become a threat and cause damage.
What are the key elements of a continuous risk monitoring solution?
1. Non-intrusive monitoring of network traffic at key points into and between networks
2. Real-time alerts about possible threats
3. Detailed information about threats including seriousness
4. Remediation recommendations from security experts enabling IT to take defensive steps to protect against the threat
“Cyber security is so dynamic that we find we need to outsource security services to experts. This ensures the information is correct and ultimately is less expensive,” said Rehm.
For utilities to establish a comprehensive approach to cyber security, a commitment to a dual strategy of a strong, proactive offense and traditional defense is essential.
Tom Ayers is President & CEO of N-Dimension Solutions. Through its marketing partnership with Hometown Connections, N-Dimension provides cyber security products and services to public power utilities.