Cybersecurity at Utilities: 2020
image credit: Image by Worcester Polytechnic Institute (https://www.wpi.edu/news/answering-national-need-wpi-extends-pipeline-careers-computer-science-and-cybersecurity), used with permission
- Apr 14, 2020 7:45 pm GMT
- 1987 views
WOW - COVID-19 shelter at home rules have sure increased our reliance on computer networks!
Utilities already depend on computer networks for business and operations. With databases full of personally identifiable information (e.g. checking account information), utilities are an attractive target for hacker thieves. Further, as operators of critical infrastructure, utilities are also attractive targets for potentially hostile nations seeking an advantage if there's a future conflict. This part is not new. What's new today is the massive increase in the use of the internet to work from home when possible. This is likely to continue even after the world overcomes the novel corona virus.
Working from home can introduce additional cybersecurity risk (e,g.loss of data). To meet this increased cybersecurity risk, now is a good time to refresh people on basic cyber hygiene. Leaders can remind people that most successful attacks start with phishing. Employees should be alert to this risk and report potential phishing emails to network administrators so the originating IP address can be blocked. Leaders should also make sure their organizations are up to date with software patches since attacker malware often exploits existing, unpatched vulnerabilities.
These tactical actions are useful and important but the attackers will only get better so a lasting strategy is needed to reduce cyber risk over the long term. In order for organizational defense to stay ahead of the attackers, I think utility organizations should strengthen their partnerships with educators.
- First, professional educators can help design training and professional development programs so that they produce lasting behavior changes.
- Second, to build staff expertise in key disiciplines like computer and network security, utilties can continue to invest in their employee's education. Many utilities have reimbursement programs; however, enhanced reimbursement can be targeted to successfully build critical skills.
- Third, utilities should work to create and grow talent pipelines. This can take the form of scholarships for service program where students are selected in return for a service commitment (like the U.S. Federal Government does). Other forms include hosting seminars (e.g. pizza for students) to get to a dialogue with individual students about possible futures.
In any case, utilities will be better equiped to reduce cyber risks if they have educators on their team.