Sponsored Advertising Feature
Sometimes, the threat you cannot see can be the most dangerous. That is certainly true with cyber attacks.
In a recent survey of utility executives by Siemens and the Ponemon Institute, more than half of the respondents said that cyber attacks are on the rise. In addition, the nature of the attacks has shifted in recent years.
The federal government is taking action to address the threat. President Donald Trump on May 1 signed an executive order that authorizes U.S. Secretary of Energy Dan Brouillette to work with the Cabinet and energy industry to secure the country’s bulk-power system.
In the past, many cyber attacks targeted information technology (IT) departments with the aim of stealing customer data. Now, cyber criminals are testing and attacking utility operations, threatening to hijack critical functions that control the production and distribution of electric power.
Despite efforts to address the threat, many utilities remain unprepared. They are slow to detect new threats and unprepared to recover from successful attacks, according to the report. And while some utilities have assumed their relatively small size made them unlikely targets, recent events have dispelled that myth.
“Utilities with less than five thousand employees reported consistently lower confidence in their ability to identify and contain threats, monitor infrastructure, and determine which resources were most important to protect,” the Siemens-Ponemon report found.
“Utility preparedness for cyber attacks is still in an introductory or discovery stage,” Jason Miller, CEO of BitLyft Cybersecurity, says. “Many utilities are getting piecemeal information from assessments, but what’s really missing is contextual guidance to help them prepare and respond,” he says. “In the meantime, they are literally a sitting duck.”
Smaller utilities face several distinct disadvantages when it comes to cyber security. For example, many utilities simply don’t have a large enough staff to devote to cyber security issues. If a utility’s IT department only has one or two employees, they can quickly be overwhelmed.
At smaller utilities, the IT department can often end up being the last consideration in proposed budgets, and when funds are available, they often go toward equipment updates and upgrades rather than cyber security. The lack of adequate security personnel and allocated funding can result in a lack of preparedness for attacks and, in the worst-case scenario, even the loss of human life. Utilities have important safety protocols built into their physical components, but if those components are connected to a digital control system or are part of a digital operations system, they are susceptible to compromise and failure caused by attackers.
“Utilities aren’t just being idle with security,” Miller says. “They are taking steps to counter cyber attacks with antivirus software, security alert software, and firewalls. But these are ‘siloed’ solutions designed to fix a particular issue and don’t provide an overarching and all-encompassing approach to cyber security.”
The real threats are the unknown gaps in a company’s IT landscape. The tools that most companies use to address their security concerns are often purchased over the course of time from different vendors and are used to protect systems that vary in age and vulnerability. “The end result is multiple solutions to try and protect multiple systems leaving gaps. Attackers use those gaps and lack of integration to gain access and exploit a utility’s system.”
Many utilities have solutions that were good 10 or 15 years ago, but cyber security has moved rapidly over the past three to five years. For example, many utilities are putting too much weight on training employees not to click on phishing emails, Miller says.
While those efforts are important, it’s better to stop an attack before it occurs or, at the least, to immediately contain the damage after an attack occurs, he says.
When advising utilities on cyber security, Miller sees a three-part approach to addressing the problem.
First is to implement a Security Information and Event Management (SIEM) program, which forms the basis of a cyber security plan. It also helps meet several objectives: it monitors the organization’s network and its compliance requirements, and it helps an organization identify the gaps in its systems.
One of the important functions of a SIEM system is to monitor an organization’s digital network for anomalies and intrusions. However, it’s important that the monitoring be continuous.
For example, if changes have to be made to a Supervisory Control and Data Acquisition (SCADA) system, those changes can leave an organization vulnerable to a cyber attack. A well-functioning SIEM program can monitor changes to a SCADA system, incorporate them, and assess them for potential risks.
Installation of the hardware and software necessary for a SIEM is foundational. It sets the stage for the next step of putting in place a Security Operations Center (SOC) to monitor and manage the data collected by the SIEM.
“Too many SIEM services just send you a barrage of monitoring alerts, which without context quickly become white noise,” Miller says. People within a company are occupied by daily operations. “They get distracted.”
BitLyft offers SOC as a service to filter out the noise and enable an organization to detect suspicious activity and keep out people who should not be there. BitLyft analysts “are constantly looking at a system and cataloging the organization’s unique digital footprint. We use this footprint to refine the SIEM platform to continue gathering contextual insights,” Miller says. “By understanding the company’s digital context, we gain a better understanding of potential threats and can stop them in their tracks before they become a serious problem.” It’s one thing to identify a threat or even to isolate it; it’s another to neutralize it.
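To make the continuous-monitoring and context points above concrete, here is an added example, not code from BitLyft or from this article: a minimal SIEM-style rule in Python that parses constructed SCADA configuration-change log lines and applies an assumed per-asset context (approved users, maintenance window, asset inventory) so that routine, approved changes stay quiet and only the anomalous ones reach an analyst.

```python
from datetime import datetime

# Constructed syslog-style lines from hypothetical SCADA hosts (not real data).
SAMPLE_LOGS = [
    "2024-03-04T02:13:07Z plc-01 config_change user=svc_backup item=setpoint_pump3",
    "2024-03-04T10:05:44Z plc-01 config_change user=jdoe item=ladder_logic_v12",
    "2024-03-04T10:07:02Z hmi-02 login user=jdoe src=10.0.5.21",
    "2024-03-04T11:00:00Z rtu-03 config_change user=jdoe item=firmware",
    "2024-03-04T23:41:19Z plc-07 config_change user=jdoe item=alarm_thresholds",
    "2024-03-04T23:42:50Z plc-07 config_change user=jdoe item=alarm_thresholds",
]

# Assumed SOC context per asset: who may change it and the approved UTC hours.
# An asset missing from this table is itself a finding: an inventory gap.
ASSET_CONTEXT = {
    "plc-01": {"approved_users": {"jdoe"}, "window": (8, 18)},
    "plc-07": {"approved_users": {"ops_lead"}, "window": (8, 18)},
}

def parse_line(line):
    """Split '<ts> <host> <action> k=v ...' into a flat event dict."""
    ts, host, action, *kv = line.split()
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "host": host, "action": action}
    event.update(p.split("=", 1) for p in kv)
    return event

def evaluate(events):
    """Return (timestamp, host, item, reasons) for config changes that break context."""
    findings = []
    for ev in events:
        if ev["action"] != "config_change":   # only change events are in scope here
            continue
        ctx = ASSET_CONTEXT.get(ev["host"])
        reasons = []
        if ctx is None:
            reasons.append("unknown asset (gap in inventory)")
        else:
            if ev.get("user") not in ctx["approved_users"]:
                reasons.append("unapproved user")
            start, end = ctx["window"]
            if not start <= ev["ts"].hour < end:
                reasons.append("outside maintenance window")
        if reasons:                           # routine, approved changes stay quiet
            findings.append((ev["ts"].isoformat(), ev["host"], ev.get("item"), reasons))
    return findings

def run():
    """Evaluate the constructed sample; returns the alert-worthy changes."""
    return evaluate(parse_line(line) for line in SAMPLE_LOGS)
```

Of the five change events in the sample, the one approved change on plc-01 produces nothing, while the off-hours change by a service account, the change on an uninventoried device, and the two unapproved after-hours changes on plc-07 each carry the reason an analyst needs to act.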
The third step, which is the heart of the matter, is neutralization, says Miller, who cites BitLyft’s SOAR as a service.
SOAR, which stands for Security Orchestration, Automation and Response, essentially means remediation. “If a BitLyft security analyst identifies a threat, we fight code with code,” Miller says.
“It is no longer good enough to monitor and detect a problem,” Miller says. If a threat is detected, computer code should be written to thwart it. “It is a different type of war. It is a code war,” Miller says.
In addition, “if we detect a threat in another client’s environment we will automatically look at the rest of our clients and compare and assess future risk. If we find that one of our clients’ digital personas is similar to another’s, we immunize them as well,” Miller says. “If you think you can just stop a threat without writing code, you are falling right into your attacker’s trap of comfortable ignorance.”
The first step a utility (or any company, for that matter) can take is to begin the process of getting a security assessment to better understand the strengths and weaknesses of its cyber defenses. “To me, cyber security is focusing on identifying the hidden threats,” Miller says. “People don’t understand the severity level that is hidden around the corner.” The second is to align resources and a team, either internally or externally, to execute on the findings of the assessment.
“Our goal is to educate people on their vulnerabilities and potential threats to make their entire company safer, not just sell a security protection solution. It’s an ongoing relationship of learning, refinement, and reporting so a company can focus on what they do best, achieving their mission in a safer digital world.”
For more information about BitLyft, visit the company’s website.