Asset Management Cybersecurity Trends in the Utility Industry

This item is part of the Special Issue - 04/2020 - Cybersecurity.

It’s difficult to design a cybersecurity strategy if you don’t know what you’re protecting. And yet, the utility industry has been taking this approach for many years. It’s not unusual for utilities to be unaware of potential risks present on their generation, transmission, and distribution networks. Outdated systems that have been abandoned in place, for example, may still reside on a network and be vulnerable to exploitation. What utilities don’t know about their systems and networks, in other words, actually can hurt them. That’s why the key to effective cybersecurity planning is asset management.

Utilities often focus on offline methods of assessing and protecting their systems. Being able to analyze configurations and evaluate access control lists has value, and it does give utilities a sense of how secure individual systems are at a specific point in time. In many cases, however, these types of assessments fail to take a holistic view of how the entire system functions together, which can result in gaps in the assessment. You may be familiar with the “defender’s dilemma,” which states that a defender needs to protect everything, while an attacker just needs to find one vulnerability that allows an objective to be accomplished. The initial step to gaining a better perspective on a system’s vulnerabilities is proper asset management.

Because conditions constantly change, it takes more than a periodic assessment to protect the grid. Offline assessments shine a light onto potential problems in a network or asset at a specific moment in time. Protecting the grid also requires continuous monitoring of system behavior so a utility can be alerted if an abnormality occurs. Visibility means knowing what is normally present on a network so you can recognize when an anomaly occurs. Once a utility takes a deep dive to identify its assets and the traffic that should be accessing them, it becomes easier to design cybersecurity measures that help protect, detect, and respond to weaknesses and threats.

When choosing an asset management solution, there are a number of approaches to consider. One of the primary considerations is active versus passive monitoring. Certain asset management solutions utilize active scans of a network to gather information about assets. This approach is fairly effective in seeing that all devices that are network-accessible have been identified. However, there can be negative consequences to an active scan of certain OT networks that contain ICS components sensitive to network scans.

For this reason, many other asset management solutions rely on passive approaches to identify assets on the network. This type of solution analyzes network traffic to determine what types of assets are communicating over the network. While this is less impactful than an active scan, it runs the danger of missing devices that are not actively communicating over the network. It also leaves more ambiguity about asset configuration, firmware version, and similar details.
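The passive approach and its blind spot, as an added example that is not part of the original article: a small Python sketch that builds an inventory from flow records, then compares it with an asset register and a traffic baseline. The register, addresses and flow records are constructed sample data, and the comparison against a baseline goes slightly beyond the text to illustrate "knowing what is normally present."

```python
from collections import defaultdict

# Common ICS service ports, used to label what each asset speaks.
ICS_PORTS = {102: "ISO-TSAP/S7comm", 502: "Modbus/TCP",
             20000: "DNP3", 44818: "EtherNet/IP"}

# Constructed sample data: the asset register the utility believes is complete.
REGISTER = {"10.0.5.10": "RTU-1", "10.0.5.11": "RTU-2",
            "10.0.5.20": "HMI-1", "10.0.5.30": "Relay-7"}

# Constructed flow records (src, dst, dst_port) as a passive sensor might export.
BASELINE_FLOWS = [("10.0.5.20", "10.0.5.10", 502),
                  ("10.0.5.20", "10.0.5.11", 20000)]
CURRENT_FLOWS = BASELINE_FLOWS + [("10.0.5.99", "10.0.5.10", 502)]


def build_inventory(flows):
    """Map every IP seen on the wire to the roles and protocols observed."""
    inventory = defaultdict(set)
    for src, dst, dport in flows:
        proto = ICS_PORTS.get(dport, f"tcp/{dport}")
        inventory[dst].add(f"serves {proto}")
        inventory[src].add(f"client of {proto}")
    return dict(inventory)


def assess(register, baseline_flows, current_flows):
    """Compare passive observations with the register and the baseline."""
    seen = set(build_inventory(current_flows))
    return {
        # Talking on the network but absent from the register.
        "unregistered": sorted(seen - set(register)),
        # Registered but never observed: the passive blind spot.
        "silent": sorted(set(register) - seen),
        # Conversations that were not part of normal traffic.
        "new_conversations": sorted(set(current_flows) - set(baseline_flows)),
    }


if __name__ == "__main__":
    for finding, items in assess(REGISTER, BASELINE_FLOWS, CURRENT_FLOWS).items():
        print(f"{finding}: {items}")
```

A "silent" entry is not proof the device is gone; it marks an asset that passive monitoring alone cannot confirm and that needs verification by other means.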

Many asset management solutions offer much more than just a device inventory. Many are capable of providing threat intelligence and intrusion detection capabilities that can provide real insight into the activities taking place on the assets as well as over the network, by looking for patterns of behavior or anomalies that suggest malicious intent. They can also provide robust change and configuration management features that can assist with compliance and operational requirements.

Deciding which of these security tools to implement depends on the device or network’s criticality to the grid and the potential risks it poses. For this reason, asset management is the first step toward an intelligent cybersecurity strategy.

Discussions

Matt Chester on Apr 28, 2020

Outdated systems that have been abandoned in place, for example, may still reside on a network and be vulnerable to exploitation. What utilities don’t know about their systems and networks, in other words, actually can hurt them. That’s why the key to effective cybersecurity planning is asset management.

Why do you think this has become such a problem in the utility sector compared with other sectors? Is it because utilities can be large with different departments overly siloed, or is there something else going on that leads to this mismanagement in the utility industry?

John Biasi's picture
