

How Utilities Can Reduce the Risk of Ransomware Attacks


Emily Newton is the Editor-in-Chief at Revolutionized Magazine. She enjoys writing articles in the energy industry as well as other industrial sectors.

  • Nov 19, 2021

The utility industry faces a growing ransomware problem. Taking advantage of weak network defenses, cybercriminals are increasingly launching ransomware attacks against utility companies and other energy industry businesses.

A successful ransomware attack can have serious consequences for any business — including downtime, lost files, and a damaged reputation. With the right strategy, it’s possible for utility companies to harden their networks against cyber attacks.

What Is Ransomware?

Ransomware is a type of malicious software that locks down files on a business’s network and holds them hostage until the organization pays a ransom to the attacker.

The Colonial Pipeline hack is one of the best-known examples of a ransomware attack. Computerized equipment operating one of the company’s pipelines was taken offline for six days following the hack as the company scrambled to restore locked-down files. Service was only restored after the company paid the hackers a ransom of 75 Bitcoin, at the time worth approximately $4.4 million.

The attack has likely done permanent damage to both the Colonial Pipeline’s reputation and the trust that American consumers have in U.S. energy infrastructure. It’s also prompted action at the federal level, with President Joe Biden considering new cybersecurity regulations in response to the breach.

Companies of all sizes are likely at risk — not just major pipeline operators like Colonial Pipeline Company. While attacks against larger businesses tend to make the news, cybersecurity research suggests that small businesses are attacked more often.

Researchers have also found that most energy companies are vulnerable to an attack, potentially leaving the assets they operate open to a breach. Utility companies that don’t take action now to protect their networks could easily fall victim to ransomware in the near future.

Mitigating the Risk of a Utility Ransomware Attack

Hackers, when selecting a business to attack, often take the path of least resistance. Obvious vulnerabilities and weak network defenses will make a business more tempting to cybercriminals.

While there is no way to guarantee that a network is secure, even basic security strategies can help keep essential assets safe. These are some of the most effective basic security measures that utility companies can implement:

1. File Backups

Ransomware attacks are so effective in part because they lock down essential files and software that businesses need to keep critical systems running.

Backup files, stored in a system not attached to the main network, can provide a quick method for businesses to restore service in the event of a successful attack. While backups won’t prevent ransomware attacks directly, they can help to reduce some of the associated risks and potential for damage.

2. Team Training

Often, hackers don’t take advantage of technological vulnerabilities. Instead, they target employees with little or no security training.

With a phishing attack, for example, hackers use emails that appear to be from a legitimate source to encourage employees to download malicious software or divulge sensitive information like passwords and usernames.

Training team members on how to spot a phish — along with other basic security skills, like how to create a secure password — can go a long way in preventing hackers from using social engineering to launch an attack.

3. Keep Devices and Security Software Up to Date

Devices that aren’t updated regularly may use software with serious exploitable vulnerabilities. Laptops, smartphones, and other devices should be patched regularly to minimize the risk of an available exploit.

IoT technology can be particularly difficult to secure. Using the right strategies to protect these devices will help utilities ensure their smart technology doesn’t become a security liability.

Endpoint security products — like antivirus software — also work best when kept up to date. Older versions of these platforms may have vulnerabilities or lack information about the latest malware. Keeping antivirus software and similar technology updated will provide your network with the best protection possible.

Committing to regular device updates is also a good way to build network visibility into your company’s security strategy. A business can’t defend devices that it doesn’t know about. Regularly patching and maintaining devices requires the business to keep some kind of record of all the devices and systems it uses — providing additional system visibility.

An audit like this may also be a good opportunity to cull devices the business does not need or use frequently — reducing the complexity of your business’s network. The simpler the network is, the easier it will be to keep track of, update, and defend.
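The audit described above, as an added example that is not part of the original article: it reconciles a device record against hosts observed on the network and flags unrecorded devices, overdue patches and cull candidates. The device names, dates and the 30-day and 90-day thresholds are constructed assumptions, not values from the article.

```python
from datetime import date

# Constructed sample inventory: name -> (last patched, last used). Not real data.
INVENTORY = {
    "hmi-control-01": (date(2021, 11, 1), date(2021, 11, 18)),
    "eng-laptop-07": (date(2021, 8, 2), date(2021, 11, 17)),
    "meter-gw-03": (date(2021, 6, 15), date(2021, 7, 1)),
    "billing-srv-02": (date(2021, 11, 10), date(2021, 11, 19)),
}
# Constructed set of hosts observed on the network (e.g. from DHCP or switch logs).
SEEN_ON_NETWORK = {"hmi-control-01", "eng-laptop-07", "billing-srv-02", "ip-cam-unknown"}

PATCH_MAX_AGE_DAYS = 30   # assumed policy threshold
UNUSED_AFTER_DAYS = 90    # assumed threshold for cull candidates


def audit(inventory, seen, today):
    """Return findings as a dict of sorted device-name lists."""
    findings = {
        # Devices on the network that nobody recorded cannot be patched or defended.
        "unknown": sorted(seen - set(inventory)),
        "patch_overdue": [],
        "cull_candidate": [],
    }
    for name, (patched, used) in inventory.items():
        if (today - used).days > UNUSED_AFTER_DAYS:
            # Long-unused devices add attack surface; removing them beats patching them.
            findings["cull_candidate"].append(name)
        elif (today - patched).days > PATCH_MAX_AGE_DAYS:
            findings["patch_overdue"].append(name)
    findings["patch_overdue"].sort()
    findings["cull_candidate"].sort()
    return findings


if __name__ == "__main__":
    report = audit(INVENTORY, SEEN_ON_NETWORK, date(2021, 11, 19))
    for category, names in report.items():
        print(f"{category}: {', '.join(names) or 'none'}")
```
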

Advanced Network Security Strategies

While basic strategies lay the foundation for an effective cybersecurity plan, businesses can do more to keep their networks safe. Investing in advanced cybersecurity strategies can help a company prepare for the threat of a ransomware attack.

1. Layer Security Software

Most effective cybersecurity strategies leverage different types of security software that work together at the same time. In addition to antivirus, many businesses also use multi-factor authentication and firewalls to protect their networks.

Antiviruses provide defense against known malware and exploits attempting to gain network access. Firewalls help block unusual network traffic, including the communication of ransomware with command and control (C2 or C&C) servers, which receive stolen data and send additional commands to malware.

Multi-factor authentication (MFA) provides additional protection for user accounts. With MFA, users logging into their account must provide both something they know — their password — and something they have, which is often a code delivered to an email address or phone number.

Requiring multiple factors of authentication can prevent hackers from gaining access to an account, even if they have that account’s password.

2. Segment the Network

If every user and device on your network can access every resource and file you store, any compromised account can do major damage. Segmenting the network, which means dividing it into subgroups and limiting each user's access to the relevant segments, reduces what any one account can reach without preventing employees from using the files or resources they need.

For example, a business may split its network into different user group segments. Employees, based on their role, are assigned different user groups that determine which segments their accounts have access to.

In the event that an employee account is compromised, there’s less of a risk that the account will have access to all resources and files stored on the business’s network.
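The effect of segmentation on a compromised account, as an added example that is not part of the original article: it compares what one account can reach on a flat network with what it can reach when role-based user groups map to segments. The roles, users, segment names and resources are hypothetical.

```python
# Constructed example data: segments and the resources they hold (hypothetical names).
SEGMENTS = {
    "corporate-it": {"email", "hr-files", "billing-db"},
    "engineering": {"gis-maps", "design-docs"},
    "operations": {"scada-historian", "hmi-consoles"},
}
# User groups by role: the segments each role is allowed to reach.
ROLE_SEGMENTS = {
    "billing-clerk": {"corporate-it"},
    "field-engineer": {"engineering"},
    "control-operator": {"operations", "engineering"},
}
USERS = {"alice": "billing-clerk", "bob": "field-engineer", "carol": "control-operator"}


def reachable(user, segmented=True):
    """Resources exposed if this user's account is compromised."""
    if not segmented:
        # Flat network: every account reaches every resource.
        return set().union(*SEGMENTS.values())
    # Default deny: an unknown user or role maps to no segments.
    allowed = ROLE_SEGMENTS.get(USERS.get(user), set())
    return set().union(*(SEGMENTS[s] for s in allowed))


def exposure(user):
    """Fraction of all resources exposed with segmentation (flat is always 1.0)."""
    total = len(reachable(user, segmented=False))
    return len(reachable(user)) / total


def who_can_reach(resource):
    """Accounts whose compromise would expose the given resource (for access review)."""
    return sorted(u for u in USERS if resource in reachable(u))


if __name__ == "__main__":
    for user in USERS:
        print(f"{user}: {exposure(user):.0%} of resources exposed, flat network 100%")
    print("accounts reaching hmi-consoles:", who_can_reach("hmi-consoles"))
```
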

Preparing for a Cyber Attack

Every utility company is likely vulnerable to an attack — and hackers are willing to attack businesses and organizations of all sizes. Investing in effective cybersecurity strategies now can help utilities protect themselves against ransomware and other threats.



Julian Jackson on Nov 26, 2021

It seems that cyber attacks are on the rise. Do you think that the large increase in homeworking, because of the pandemic, has added extra security headaches for security staff and management?

Paul Korzeniowski on Dec 13, 2021

Good points. In addition, security is only as powerful as the weakest link in the chain. Many of these attacks target busy employees. So, it becomes important for a utility to try to train employees, so they identify potential malware before they click on it. That task is challenging today because the ruses have become quite sophisticated but still quite necessary. 
