Asset Management Cybersecurity Trends in the Utility Industry
image credit: © Wrightstudio | Dreamstime.com
- Apr 28, 2020 4:45 pm GMTApr 28, 2020 4:45 pm GMT
- 2212 views
This item is part of the Special Issue - 2020-04 - Cybersecurity, click here for more
It’s difficult to design a cybersecurity strategy if you don’t know what you’re protecting. And yet, the utility industry has been taking this approach for many years. It’s not unusual for utilities to be unaware of potential risks present on their generation, transmission, and distribution networks. Outdated systems that have been abandoned in place, for example, may still reside on a network and be vulnerable to exploitation. What utilities don’t know about their systems and networks, in other words, actually can hurt them. That’s why the key to effective cybersecurity planning is asset management.
Utilities often focus on offline methods of assessing and protecting their systems. Being able to analyze configurations and evaluate access control lists has value, and it does give utilities a sense of how secure individual systems are at a specific point in time. In many cases, these types of assessments fail to take a holistic view of how the entire system functions together, which can result in gaps in the assessment. You may be familiar with the “defender’s dilemma,” which states that a defender needs to protect everything, while an attacker just needs to find one vulnerability that allows an objective to be accomplished. The initial step to gaining a better perspective on a system’s vulnerabilities is through proper asset management.
Because conditions constantly change, it takes more than a periodic assessment to protect the grid. Offline assessments shine a light onto potential problems in a network or asset at a specific moment in time. It also requires continuous monitoring of system behavior so a utility can be alerted if an abnormality occurs. Visibility means knowing what is normally present on a network so you can recognize when an anomaly occurs. Once a utility takes a deep dive to identify its assets and the traffic that should be accessing them, it becomes easier to design cybersecurity measures that help protect, detect, and respond to weaknesses and threats.
When choosing an asset management solution, there are a number of approaches to consider. One of the primary considerations is active versus passive monitoring. Certain asset management solutions utilize active scans of a network to gather information about assets. This approach is fairly effective in seeing that all devices that are network-accessible have been identified. However, there can be negative consequences to an active scan of certain OT networks, containing ICS components that are sensitive to network scans.
For this reason, many other asset management solutions rely on passive approaches to identify assets on the network. This type of solution analyzes network traffic to determine what types of assets are communicating over the network. While this is less impactful than an active scan, it runs the danger of missing devices that are not actively communicating over the network. It also has more ambiguity over the asset configuration, firmware version, etc.
Many asset management solutions offer much more than just a device inventory. Many are capable of providing threat intelligence and intrusion detection capabilities that can provide real insight into the activities taking place on the assets as well as over the network, by looking for patterns of behavior or anomalies that suggest malicious intent. They can also provide robust change and configuration management features that can assist with compliance and operational requirements.
Deciding which of these security tools to implement depends on the device or network’s criticality to the grid and the potential risks it poses. For this reason, asset management is the first step toward intelligent cybersecurity strategy.