Threat Detection and Vulnerability Assessments: A Two-Track Approach


From the November-December 2015 issue (Vol. 74, No. 1) of Public Power

Originally published January 19, 2016


By Nathan Mitchell
Senior Director of Electric Reliability Standards and Security, APPA


So you have read up on the cyber threat landscape and are sufficiently startled. What do you do next? Think of your system as a house. You want to find out whether there is a thief in the house, but you also want to identify the house's security shortcomings before the thief does. Threat detection flags the thief who is already inside; vulnerability assessment finds the holes that would let one in.

A recent webinar in APPA's cybersecurity webinar series, featuring N-Dimension Senior Security Architect Chan Park, examined how the dual-track approach of threat detection and vulnerability assessment can give a utility a solid foundation for cyber threat preparedness. In the end, knowledge is key, says Park: you never want to be in the precarious position of telling a security auditor that you "didn't know."

Threat detection comes in many forms: network monitoring, intrusion detection systems (IDS), intrusion prevention systems (IPS), security information and event management (SIEM) systems, network protocol analysis, packet captures with tools such as tcpdump, sniffers, and more. Utilities need to investigate which solutions fit their systems, and whichever they choose, they need to understand how to use the tools at their disposal and how to respond to the threats those tools flag. In many cases this comes down to staffing and resources: detection tools only help if someone is actively watching them, and an alert that sits unread in an inbox is no better than no alert at all.

Vulnerability scans address the other side of the house analogy: looking at the network from outside its perimeter, as an attacker would, and they must complement whatever threat detection solutions are in place. Utilities must proactively search for gaps in their network protection. This isn't only a best practice: some utilities must comply with the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards, which at the time of writing are on their fifth version. Keep in mind, though, that vulnerability scans have their limitations (see sidebar).

In the end, monitoring must cover your network's perimeter as well as its interior. When deciding where to start, focus on the most critical network segments. If you do not have the expertise on staff, find professionals with whom you can partner. It also helps to take part in a cybersecurity community that shares security information and threat intelligence; examples include the Electricity Information Sharing and Analysis Center (E-ISAC) and APPA's own security listserv. Lastly, keep your software solutions patched and current; out-of-date detection and scanning tools miss the threats and vulnerabilities added since their last update.

By waging a two-fronted war on cyber-infiltration (looking both inside and outside network perimeters), public power utilities can continue to do what they do best: providing reliable, affordable energy to the communities they power.

For more information on cyber-readiness, check out APPA’s series of seven webinars on cybersecurity for electric utilities. Learn how to protect your utility, customers, community, and the electric grid from potentially damaging interruptions.

Vulnerability scan limitations

  • An "all clear" result is valid only for the moment the scan ran; network configurations change frequently, so scans must be repeated and compared against earlier results
  • Scans require human judgment: personnel must configure them to yield actionable information and interpret what they return
  • Scans can discover only known vulnerabilities. Threats such as physical access cannot be exposed by software solutions
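As an added example (not from the webinar or the article), the following Python script shows why an "all clear" is only good for the moment it was taken: it compares a constructed baseline scan with a constructed later scan, flags the services that appeared in between, and lists findings on a hypothetical critical segment (the control-system network, 192.168.50.0/24) first, following the article's advice to start with the most critical segments. The hosts, ports, segment and seven-day staleness policy are all assumptions for illustration.

```python
"""Added example: treat a vulnerability scan as a point-in-time snapshot.

Compares a baseline scan against a fresh one, reports newly exposed
services (the holes the earlier "all clear" could not know about), and
ranks findings that touch a critical segment first.
"""
import ipaddress
from datetime import datetime, timedelta

# Constructed sample data, not a real utility's network. A scanner export is
# summarized here as host -> set of open TCP ports.
BASELINE_SCAN = {
    "taken": "2016-01-04T02:00:00",
    "hosts": {
        "10.10.1.5": {22, 443},
        "10.10.1.6": {443, 8080},
        "192.168.50.10": {502},          # Modbus/TCP on the control segment
    },
}
CURRENT_SCAN = {
    "taken": "2016-01-19T02:00:00",
    "hosts": {
        "10.10.1.5": {22, 443, 3389},    # RDP appeared since the baseline
        "10.10.1.6": {443},              # 8080 closed since the baseline
        "192.168.50.10": {502, 80},      # web interface appeared on a control device
        "192.168.50.11": {502},          # a device not present in the baseline
    },
}

# Hypothetical: the control-system network is the utility's most critical segment.
CRITICAL_SEGMENTS = [ipaddress.ip_network("192.168.50.0/24")]

# Hypothetical policy: a clean result older than this says nothing about today.
MAX_SCAN_AGE = timedelta(days=7)


def is_critical(host: str) -> bool:
    """True if the host sits inside one of the critical segments."""
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in CRITICAL_SEGMENTS)


def scan_is_stale(scan: dict, now_iso: str) -> bool:
    """A scan older than MAX_SCAN_AGE no longer describes the current network."""
    taken = datetime.fromisoformat(scan["taken"])
    now = datetime.fromisoformat(now_iso)
    return now - taken > MAX_SCAN_AGE


def diff_scans(baseline: dict, current: dict) -> list:
    """Return drift between two scans as a list of findings, most urgent first.

    Each finding is a dict with host, port, kind and critical. Kinds:
      new_host    - host answers now but was absent from the baseline
      new_port    - port open now that was closed in the baseline
      closed_port - port open in the baseline that no longer answers (informational)
    """
    findings = []
    for host, ports in current["hosts"].items():
        base_ports = baseline["hosts"].get(host)
        if base_ports is None:
            for port in sorted(ports):
                findings.append({"host": host, "port": port, "kind": "new_host",
                                 "critical": is_critical(host)})
            continue
        for port in sorted(ports - base_ports):
            findings.append({"host": host, "port": port, "kind": "new_port",
                             "critical": is_critical(host)})
        for port in sorted(base_ports - ports):
            findings.append({"host": host, "port": port, "kind": "closed_port",
                             "critical": is_critical(host)})
    # Critical-segment findings first, then by kind; closed ports are informational.
    urgency = {"new_host": 0, "new_port": 1, "closed_port": 2}
    findings.sort(key=lambda f: (not f["critical"], urgency[f["kind"]], f["host"], f["port"]))
    return findings


def new_exposures(findings: list) -> list:
    """Only the findings that widened the attack surface since the baseline."""
    return [f for f in findings if f["kind"] in ("new_host", "new_port")]


if __name__ == "__main__":
    if scan_is_stale(BASELINE_SCAN, CURRENT_SCAN["taken"]):
        print("baseline is stale: its 'all clear' does not describe today's network")
    for f in diff_scans(BASELINE_SCAN, CURRENT_SCAN):
        flag = "CRITICAL" if f["critical"] else "        "
        print(f"{flag} {f['kind']:<11} {f['host']}:{f['port']}")
```

Run against the constructed data, the script reports the two control-segment exposures (the new device and the new web interface on the PLC) ahead of the new RDP listener on the office segment, and lists the closed port last as informational. The same structure works on real scanner exports once they are summarized into host-to-port mappings.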
