SG Tech Europe: Cyber security expertise is growing – on both sides
- May 20, 2019 6:19 pm GMT
This year, I was invited to speak at SG Tech Europe about monitoring the evolving cyber security threat landscape for energy grids. It was heartening to see so many utilities representatives engaged with cyber security topics – not just at my talk, but at others on the agenda, such as the sessions from Alliander and EDF.
The sector continues to become more engaged with this crucial topic, and with engagement comes knowledge. Knowledge is building up everywhere – in the utilities, in the security community, but also – unfortunately – among hackers.
We know more
According to the SANS 2016 State of ICS Security Survey, security experts at grid operators are well aware of the vulnerabilities. Both traditional IT systems, such as office networks, and OT-related items, such as connections to the field SCADA network, rank highly as control system components considered at risk of compromise. There is strong awareness that any part of a system might be vulnerable, and through our training programme we see greater interest in security architecture and assuring security of systems and components.
They know more
However, attackers have not been sitting out this race: they know more than ever, too. Quicker than industry can find and patch vulnerabilities, hackers seem to find new ones. Many exploits are now in the public domain, which helps attackers as much as it does defenders. Cyber attacks are not new; what is new is their scale, sophistication and diversity.
There are opportunistic attackers, such as script kiddies, hacktivists and researchers. These are unlikely to do much damage to the grid except by accident – their goals aren’t usually that destructive. The more dangerous breeds are targeted attackers. These could be terrorists looking to cause blackouts, criminals targeting OT systems for extortion purposes, or nation state actors conducting espionage or looking to sabotage critical infrastructure in the context of hybrid warfare. Just as the industry has been doing its homework, so have these groups. In fact, mainly nation state actors have the resources and skills required to do real harm to the grid.
How to respond
It would be wrong to predict catastrophe though. Some in the industry may have been slow to wake up to the cyber security threat, but there are focused efforts from many sides.
European regulators, for example, have ramped up activity on cybersecurity considerably. The NIS Directive, effective as of May last year, will soon be followed by the Cybersecurity Act, which lays out a European cybersecurity certification framework for ICT products and services. There is also a Network Code for Cybersecurity in the works focusing on energy domain specifics, taking into account particular aspects such as the sustained presence of legacy systems, real-time requirements and potential cascading effects.
Within utilities too, significant progress is being made. Greater engagement leads to greater action. We are seeing utilities taking more preventative measures – such as training, procuring secure components, security testing and sharing vulnerabilities and threat analyses – and also responsive ones, such as setting up a security operations centre (SOC), risk assessments and use of active and passive sensors throughout the network.
In the wrong hands, knowledge can be a dangerous thing. There is no way for us to stop attackers developing their knowledge, so we must ensure that we know more, and stay ahead of the game.
That means collaboration – we will achieve more working together than repeating one another’s efforts. We must focus on closing the skills gap and bringing more security expertise into the energy sector, on sharing information and knowledge to improve the security of all. We must build a security community that can raise standards throughout the fields of policy, architecture and operations.
Ultimately, that is what we at ENCS are about as a network: building that community, creating this expertise and sharing that knowledge. However, it is also what events such as SG Tech are about – bringing together professionals to learn from one another in a spirit of collaboration, rather than competition. I look forward to next year.