
Latest Malware Threats for Cyber Security Professionals

Because utilities are critical infrastructure, they need to be constantly on the alert for bad actors who want to attack their systems. These range from pranksters and lone hackers through to professional criminals, terrorists and even hostile states.

This means that regular testing for vulnerabilities is a responsibility of the company's ICT department. Since most ICT personnel are occupied with routine tasks, the testing usually falls to a specialist external team of vulnerability testers and "white hat" hackers.

One popular tool is Sliver, an open-source framework that appeared on GitHub in 2019 and quickly gained a following among security professionals. It is versatile and cross-platform and is used for "pen testing" (penetration testing). Unfortunately, it has recently also been used by malicious entities to attack companies' servers. This illustrates one of the recurring issues of cybersecurity: the same application can serve positive or negative purposes, depending on who is using it.

Microsoft security experts have observed the Sliver framework being used actively in intrusion campaigns run by nation-state cyberespionage actors such as APT29/Cozy Bear, by ransomware groups, and by other financially motivated cybercriminals. Although defenses exist against this particular attack vector, the operators behind these campaigns keep updating their tooling, so it remains an evolving threat.

Multi-Factor Authentication (MFA) needs to be employed on any internet-facing system or service, especially for remote or VPN connections. Users' privileges should also be limited to what their job requires, and administrative privileges should be granted only to workers who genuinely need them.

Security consultants can test for vulnerabilities through penetration testing and should be able to confirm that utilities' systems are secure. However, utilities often run older, legacy systems, which introduce vulnerabilities that clever antagonists can leverage to attack the infrastructure. Wise ICT managers should therefore ensure that these systems are well protected with the latest provisions against cyber attack.