The energy industry is attracting the attention of hackers looking to cause widespread disruption. This should worry all of us, as the energy that utilities provide serves as the lifeblood of a functioning modern society. But the facts speak for themselves: According to the U.S. Department of Homeland Security’s Industrial Control Systems Computer Emergency Response Team, 53% of reported cybersecurity incidents in the first half of 2013 were related to the energy industry.
How to address cybersecurity threats
Hacking isn’t new. The IT industry has a long history of cybersecurity breaches. But hacking continues to evolve. While still new to the age of connectivity, the energy industry is becoming increasingly aware of cybersecurity threats and the need for standardized, effective solutions.
The white paper, “A Framework for Developing and Evaluating Utility Substation Cyber Security,”provides insights into processes for securing substations, advice for overcoming asset management challenges, and descriptions of available tools.
Points to consider in combating substation cybersecurity threats include:
- Limitations of typical bolt-on solutions: While these add-ons provide a layer of security to help reduce risk of a cyber attack on operational technology (OT) devices, devices are still vulnerable should a breach occur in the layer of security built around power applications.
- Mounting pressure to address substation cybersecurity risks: Utilities are emulating their IT peers and are placing their infrastructure security houses in order. Unfortunately, standardization and ease of management of security devices is lacking in the industry, mainly because proprietary or product-specific methodologies to manage security are the norm.
- Power application upgrades: Security monitoring is not central to the design of most embedded devices and power system applications, which makes it a challenge to ensure cyber security. Utilities should consider upgrading to power applications and devices with built-in functionality such as unique user IDs and IT protocols like Simple Network Management Protocol (SNMP).
- Cybersecurity compliance: Using a proven four-step approach, utilities can further bolster their substation cybersecurity program.
Not a one-size-fits-all solution
As the data suggest, the energy industry is a big target. As more gateways close to hackers, they’ll increase their efforts to break them down.
Standardization plays a key role in reducing cybersecurity incidents. In addition, maintaining cyber security is an ongoing process that requires new technologies, more security layers, and security policy development.