Cyber Security has reached a critical point with Small to Medium Business

Cybersecurity is a Theme across multiple industries, and it is not going away!

Predictions in 2023!

Cybersecurity will occupy centre stage in 2023 as Mining, Oil and Gas, Utilities and Mum and Dad Small Businesses grapple with increasing attacks.

Cybersecurity has been gradually climbing up utilities’ agendas; it is now undoubtedly a key concern, and the new term for 2023 is criticality, which is deemed paramount for the industry. The need to connect a growing range of market participants to core utility systems and the growth of private consumer data coming into utilities’ systems from smart metering and innovative home initiatives also create additional risks and regulatory responsibilities.

Utilities’ investment in cyber security, split across technology, services, and internal skills development will only accelerate as they try and address these challenges.

The proliferation of smart devices will increase the diversity and number of attack vectors in utilities. Utilities’ existing systems are also becoming increasingly connected with sensors and networks and, due to their dispersed nature, are becoming increasingly difficult to control. This growing attack surface will provide a greater opportunity for attackers to target grids.

As utility infrastructure becomes more interconnected, smart, and decentralized, a centralized approach to securing them will become increasingly infeasible. While central monitoring and oversight is essential, it is not sufficient, since a central system cannot react quickly enough to some threats, especially as control becomes fragmented across many systems like microgrids.

In 2023, will be an increasing onus on edge elements and local systems to be resilient to attack and have the flexibility to support the resilience of the wider energy system in the case of an attack on the grid.

IoT will expose grids to attacks. IoT has emerged as a key enabler in the process of modernizing critical utilities’ infrastructure, but it has also exposed utilities to a host of new threats and vulnerabilities.

The industry may face some serious repercussions in the case of any successful cyberattack such as dangerous equipment failure, power cuts, or a compromise of clean water supplies. At the same time, the IoT is a key enabler of more efficient grids, improved maintenance and asset management, and better customer outcomes.

In order to balance the benefits of the IoT with its risks, vendors need to

support much more robust security standards around devices, communications, and data management.

AI will find increased use in helping security analysts stay ahead of threats. More and more, there is a need for a unified way to handle cyber and physical security for all parts of the utility infrastructure. Many of the recent attacks on industrial control systems, notably the attack on the Ukrainian power grid in 2015, and that on the Iranian nuclear program, were essentially a combination of cyber and physical elements. An effective security strategy for utilities needs to take both into account. It also requires a system that can correlate data from many sources

and systems to identify cyber threats before they materialize. The AI systems used in this case curate millions of research papers and news stories and help analysts predict and gauge an upcoming threat.

Leaders

Red Piranha, ESET, Check Point Software, Cisco, Fortinet, IBM, Palo Alto Networks, Secureworks, Sophos, and Symantec are all part of unified threat management

Cloud security: Quantum MSP, Barracuda Networks, Fortinet, Imperva, Micro Focus, Qualys, and Sophos.

AI: IBM, Microsoft 365, Alphabet, Digital Network, Splunk, DMG Social and Palantir.

Utilities: Enel, National Grid, Iberdrola, Duke Energy, Engie

Laggards

Tech Companies: Juniper Networks, Palo Alto Networks, Dell Sonic Wall

Power companies: Several power utilities in India have recently been the victims of ransomware attacks and other cyber-attacks. In early 2019 the servers of two state-run utilities in India in the states of Andhra Pradesh and Telangana were hacked and this made several aspects of the utilities’ websites dysfunctional.

Another major renewable energy-focused utility in the US called sPower was also subject to a cyberattack which led to several lost connections between the utility’s control centre and its several renewable energy sites. The vulnerability that led to this attack was a bug in the firewall provided to sPower by Cisco. The attack would have been prevented had the utility used a stronger, more updated, and more effective firewall.

For more information on this article please contact the author John Dryden at [email protected]