- Sep 24, 2020 5:03 pm GMT
This item is part of the Advances in Utility Digitalization - Fall 2020 SPECIAL ISSUE.
An increasing number of utilities are using analytics capabilities in their Integrated Security Operations Centers (ISOCs). ISOCs offer real-time situational awareness of utility cyber security postures based on physical, IT, and OT security data inputs. OT security data sources include internal networks, applications, endpoints, plus external threat intelligence and all as-a-service activity. Real-time situational awareness based on these data streams is essential to help utilities identify vulnerabilities, audit operations, and respond to threats. ISOCs are particularly relevant with the proliferation and integration of sensors, smart inverters, and industrial internet of things (IIoT) and internet of things (IoT) deployments. As a security digitalization initiative, ISOCs rely on good data.
The value of any data is defined by how its variety, velocity, volume, and veracity are leveraged to deliver actionable information and support human or computer-automated actions. Utilities can prepare for advanced OT cybersecurity technologies that rely on data by understanding and acting on two principles.
- The immutable data condition is still garbage in, garbage out. Bad data leads to bad information and decisions.
- Good data has been validated, standardized, and normalized. In other words, raw data must undergo some preparation to be in a usable condition.
These principles apply to all digitalization initiatives like ISOCs and data analytics projects. According to the SAS Institute, 40% of all analytics projects fail because of insufficient or inadequate data preparation. About 80% of the time spent on any data analytics project is dedicated to data modeling and management. Keep those statistics top-of-mind to avoid data potholes.
Artificial intelligence (AI)-based applications will be required to process enormous volumes of security data in real time to detect patterns and identify anomalies, and thus react and alert appropriate staff to threats. These capabilities are the baseline for Automated Threat Mitigation (ATM) technologies that will analyze large volumes of security data from a variety of sources at high velocity to automatically identify cyber threats, respond to attacks, and resolve vulnerabilities.
ATM technology is not yet commercially available. That gives utilities sufficient time to prepare their cybersecurity data for the data-intensive applications that precede and support ATM, like ISOC deployments and AI initiatives.
Utilities currently use descriptive analytics to identify changes in asset performance or behavior of human resources for cyber security monitoring. For instance, utility ISOCs collect data from a variety of sources and standardize, normalize, and analyze that data to assess threats to OT and IT systems.
Predictive analytics are less common in OT cyber security, but the growing volumes and varieties of data, coupled with more powerful computing capabilities, offer interesting possibilities for utilities. ATM technologies will leverage predictive and prescriptive analytics with AI to inform machine-based detection and response to cyber security threats.
Data-intensive technologies and digitalization initiatives like ISOCs are important for utility OT cyber security, but only if the proper time and resources are invested in ensuring reliable data flow, readily accessible storage, and data formats for OT data.
Data veracity or accuracy is often assumed to focus on the bit content. But for OT environments, the time stamp on data determines usability. EPRI leads an interest group focused on timing vulnerabilities to help utilities and equipment vendors ensure data veracity for mission-critical systems such as protective relaying, wide area protection systems, and MPLS networks.
All utility digitalization initiatives will need rock-solid data (veracity) that is available in formats that support real-time, frictionless accessibility (velocity, volume, variety). Data is the most basic precursor for future Automated Threat Mitigation-based solutions deployed for utility ISOCs. Utilities should address OT cyber security data considerations within their data governance and data management plans now and ensure their computing and data communications infrastructure is prepared to handle the data volumes and speeds needed to support real-time analysis and decision-making. Ultimately, these actions will help utilities plan and deploy successful digitalization initiatives in OT cyber security and other use cases. Build the digitalization road right, and you’ll avoid the data potholes.