How Utilities Are Meeting Today’s Cyber Security Challenges
- Jun 2, 2022 8:49 pm GMT
Russia’s continuing war on Ukraine prompted President Biden to issue a strong warning to U.S. companies: “Harden your cyber defenses immediately.” This warning was based on intelligence that the Russian government was examining options for potential cyber attacks. We know from past actions that part of this exploration may include attacks against power infrastructure, either in Ukraine or in places that provide assistance to Ukraine, such as the U.S. In 2015, Russia hacked Ukraine's power grid, resulting in power outages for nearly a quarter of a million customers.
While, as I’ve learned from my fellow Energy Central contributor, Tom Alrich, Russia does not have the capability to shut down the U.S. power grid, the current situation is prompting utilities to consider what is possible in terms of system vulnerabilities and take steps to follow President Biden’s advice.
Protecting New Attack Vectors
In the past, the power grid was a pretty simple system, consisting of one-way power delivery from energy providers to customers. While sources varied, all components were physical in nature and it took physical events to interfere with generation, transmission, and distribution. Now the grid is multi-faceted and multi-directional, with many more sources and the addition of digital networks. Each component of these networks is a potential attack vector for hackers that must be protected, so utilities are taking a closer look at equipment such as transmission and distribution sites, operational software, and Internet of Things (IoT) devices that present possible threats.
Striking a Balance
Utilities need data from customers to help them serve those customers better. For example, metering data helps power providers understand usage patterns and adjust services accordingly. Personal data helps them to target specific customers with programs they might be interested in and able to afford. Yet, in the wrong hands, this data can also be used for malign purposes. Therefore, utilities are balancing the need for data with the need for privacy and ensuring proper security is in place to protect customers.
Recognizing the Human Threat
The challenge with a more digitally-based power delivery system is not limited to hardware, software, and internet connectivity. Whether purposely or not, humans can be a big part of the cyber threat landscape as well. Workers with the right access can intentionally introduce malware into a utility’s network. They can also be induced to do so without their knowledge, such as by finding an infected thumb drive and plugging it into a networked computer or opening an attachment in an email that looks like it comes from a supervisor. Yet, team members can also serve as part of the solution if they know what to look for in terms of how attackers operate. Utilities are using the zero-trust model to limit employee access to sensitive systems and training workers on how to spot cyber threats before they become cyber attacks.
Utilities are taking all these elements into consideration and updating their cyber security plans, which include strong governance, assessments to determine the biggest threat areas, assignments for cyber security preparation and mitigation, training procedures, and regular checkups to ensure plans remain relevant from year to year.
How is your utility managing cyber security? Please share in the comments.
No discussions yet. Start a discussion below.