(This blog was originally published in November 2018. In February 2019, Micro Focus acquired Interset.)
The utility sector is the bedrock of our society today—a prime target for malicious outsiders and an incredibly dangerous asset to let fall to neglectful insiders. We’re continuing to see more discussion around best practices for utility companies in the face of increasing threats on multiple fronts. Just last month, the U.S. Department of Energy (DOE) announced plans to allocate $28 million to research partnerships aimed at developing technologies to support the utility sector and other critical infrastructure against cyberattacks—a move that reinforces Energy Secretary Rick Perry’s declaration that protecting the sector is a “top national priority.”
Perry and the DOE have more than enough evidence of the need for more proactive measures for protecting our critical infrastructure. Here are some facts to paint a picture of the current state of cybersecurity for utility companies:
- In the U.S., the utility sector experiences millions of intrusions every day.
- Duke Energy reported more than 650 million attempted attacks in 2017 alone.
- Eversource reports about one million threats every day (Connecticut Critical Infrastructure 2018 Annual Report).
- The energy sector experienced more cyber incidents than any other sector from 2013 to 2015 (ICS-CERT).
There is no shortage of attacks, and their potential impact is well known. The 2015 attack on utility substations in Ukraine shut off power to over 225,000 utility companies for multiple hours—a sobering example of what a cyberattack on a grid can accomplish. This summer, the U.S. faced a serious reckoning when the Department of Homeland Security (DHS) reported that Russian hackers infiltrated the control rooms of multiple electric utilities, giving them the ability to cause massive blackouts and grid disruptions.
The DOE’s multi-year plan for cybersecurity issued earlier this year included three top priorities: strengthening cybersecurity preparedness, coordinating incident response and recovery, and accelerating R&D of resilient energy delivery systems. The third goal includes a specific focus on working alongside the private sector to find tools that prevent, detect, and mitigate incidents effectively for today’s complex systems. (Check out the full DOE Strategy for Energy Sector Cybersecurity for more detail.)
The reality is that security operations center (SOC) teams in the utility sector face enormous pressure and very complex challenges, including protecting vast networks without sufficient security or data science expertise. This is where technology will continue to play an increasingly important role. For a utility sector SOC, a proactive security posture is critical. You have to be able to quickly know exactly what is happening within your enterprise, who is doing it, and how to respond. At Interset, we work hand-in-hand with companies in this sector to equip their SOC analysts with technology that can give them the right context quickly, connect the dots between behaviors and risk, and focus on real threats. Where critical infrastructure is concerned, speed and accuracy are of utmost importance. SOC teams can hardly afford to spend time chasing false positives when the potential damage of downtime is so high.
We’ll be keeping a close eye on the utility sector to see what new developments stem from collaboration between the public and private sectors. Alongside our utility customers, we hope to see win after win for the good guys in 2019.