Utilities on War - Need For Cyber Security
Sanjivrao Katakam
Utilities | Consulting | Delivery | Products & Services | CSM | PMP | MBA
Introduction: From military aggression to cyber threats, the Energy & Utilities sector has always been a high-profile target for adversaries. There are several reasons behind this, but the main intent is to disrupt production, halt transmission, intercept sensitive data and cripple national as well as global economies. These threats can be physical or purely cyber. Recent trends show a big spike in cyber-attacks.

In the Bowman Avenue Dam incident, hackers got into the remote monitoring equipment of the dam and caused malfunctions, resulting in the release of a significant amount of water before it was controlled by the authorities. In 2008, the CIA confirmed that a cyberattack in New Orleans led to a power outage spanning multiple towns. Also in 2008, hackers interfered with the alarms & communications for the Baku-Tbilisi-Ceyhan pipeline in Turkey, super-pressurizing the crude oil to cause an explosion that resulted in the spilling of more than 30,000 barrels of oil. In 2010, STUXNET shocked the Energy & Utilities industry when it used a computer worm to attack SCADA systems. In 2011, the DUQU attack (a derivative of STUXNET) was used for cyber espionage. In 2012, a cyber-attack on Aramco aimed to stop oil & gas production in Saudi Arabia and prevent resource flow to international markets; around 30,000 hard disks were damaged. In 2012, FLAME, a spreadable malware capable of recording audio, screenshots and user activity, was used for targeted cyber espionage in Middle Eastern countries. Also in 2012, computer systems at RasGas Ltd, a major LNG exporter in Doha, Qatar, were infected by an unknown virus. A cyberattack on an electric grid occurred in December 2015, when Ukraine's electricity was interrupted. A third party operating from Asia was suspected of conducting the attack. Nearly 225,000 customers faced a power outage.
Utility Industry - Cyber Security Threats & Vulnerabilities: The transformation of many utility companies from a current state of isolated IT and OT (Operational Technology) systems & environments to a fully integrated business has resulted in many challenges. IT and OT have very different architectures. In the rush to provide automation and access to OT data, the OT vendors have not developed mature software, delivery processes and support techniques. OT systems are not always designed with cybersecurity in mind and are therefore vulnerable to disruptions. Existing IT security products do not meet all the requirements of OT security use cases, especially around “safety” mandates. As a result, many cybersecurity threats occur, such as plant shutdown, equipment changes, utilities interruption, productive circle shutdown, inappropriate product quality, undetected leakages, explosions, illegal tapping, compliance violation (pollution) and safety measures violations.
Challenges: There are many hurdles to overcome before achieving a comprehensive information security and risk strategy:
a. Lack of common information security policies across IT and lines-of-business
b. Lack of governance, risk & compliance processes to create an end-to-end approach
c. Absence of a centralized security authority across lines-of-business
d. Growing demand for information technology / IT-OT convergence, adding to complexity
e. Lack of cyber security awareness and training among employees
f. Remote work during operations and maintenance
g. Using standard IT products with known vulnerabilities
h. A limited cyber security culture among vendors, suppliers and contractors
i. Insufficient separation of data networks
j. Use of mobile devices and storage units, including smartphones
k. Data networks between onshore and offshore facilities
l. Insufficient physical security of data rooms & cabinets
m. Vulnerable software
n. Outdated and ageing control systems in facilities
Approach & Solution Framework for Utilities: Traditional OT security is not enough to deal with modern-day cyberattacks. Therefore, it is important for utilities to adopt new and advanced technologies like ICS (Industrial Cyber Security). Industrial Cyber Security is a combination of practices, processes and technologies designed to defend process control networks, systems, computers, programs and data from attack, damage, disruption, unauthorized access or misuse. The following approach can be taken when designing a cybersecurity solution for utilities:
a. Understanding organizational security requirements
b. Protection from cyber intrusion
c. Detecting intrusions
d. Responding to an intrusion
e. Recovering from an incident
Conclusion: Compared to the IT industry, the utilities industry is a newcomer when it comes to connectivity. Yet, as it immerses itself in integrated technologies and digitization, the industry is facing increased cyber security threats. Distressingly, cybercrime has become a full-fledged industry. Hostile actors can buy malware that comes complete with a warranty, a service contract and access to a 24x7 helpdesk. Cyber criminals monetize their skills by selling to the highest bidder, and nation-states, armed with sophisticated expertise and effectively unlimited time and resources, can hire the best in the business. Therefore, strengthening the security and resilience of critical infrastructure against cyber threats becomes even more important. By ensuring cybersecurity best practices and continuous monitoring & detection, utilities can avoid a debilitating impact on national infrastructure, economic stability and public health & safety.
Disclaimer: The article is the independent opinion of the author and does not represent the views of any organization.