小程序
传感搜
传感圈

Utilities Sector & Cybersecurity: Staying Ahead of Cybercriminals

2022-11-18
关注

Utilities Sector & Cybersecurity: Staying Ahead of Cybercriminals
Illustration: © IoT For All

Like all critical infrastructure, U.S. utilities are prone to cyber threats, even in peacetime. It is important to note that with all that is going on between Russia and Ukraine, security is also becoming more of a focus for consumers. According to our survey of American utility users in March of this year, hackers bringing down internal systems were identified as a potential risk to utility supply by 46.9 percent of recipients. Let’s take a look a the importance of cybersecurity for the utility sector.

Utilities looking to embed and maintain a strategic cybersecurity program should constantly review their systems and technology alongside their connectivity partners.' -Alastair MacLeodClick To Tweet

The Digital Battlefield

Cybercriminals are looking for innovative ways to exploit the economic value of the utility sector. Meanwhile, hacktivists seek ways to publicly leverage their opposition to political or environmental agendas by disabling facilities through, for example, a distributed denial of service (DDOS). This digital battlefield is being fought in myriad ways, from disruption to enterprise systems that underpin a utility company’s commercial and human operations, and even more malign intervention of operational technology, designed to inflict severe disruption to civil society. The “AcidRain” malware attack in February of this year caused severe, prolonged disruption to operations on a mass scale. The attack wiped out Viasat’s KA-SAT broadband service’s satellite modems, impacting thousands in Ukraine and further across Europe.

Countering the Threat

According to IBM, the energy industry ranked fifth in overall data breach costs in 2021, and cybersecurity in the utility sector brings with it additional considerations. It is a highly regulated industry where breaches can be costly by any other industry’s standards. Moreover, costs associated with ransomware or cyberattacks can quickly escalate. Between 2020 and 2021, there was a reported 10 percent increase from $3.86 million to $4.24 million per data breach incident. Then, there is the length of time it takes to discover a breach, and the longer the breach goes unnoticed, the more expensive and/or disruptive the incident. And finally, there are the fines incurred from regulatory bodies, both in the E.U. and U.S.

However, it is not all bad news. Cybersecurity is already a priority for utility firms, and there are many ways to counter these threats, starting with recognizing this inherent vulnerability and embedding a culture of awareness that shapes more secure behavior, processes, and system design. This is especially true of the operational technology (OT), focusing on telemetry which measures and identifies trends across the utility network, and/or SCADA (Supervisory Control and Data Acquisition) which controls the system architecture.

Private Networks: How They Can Help

Risk increases when data is exposed to the open internet, which is why utilities must leverage cybersecurity and control using the latest IP technology: Securely operating within public networks or operating via secure, private networks. Private networks and dedicated hubs, such as those within a TSAT satellite system, maintain a vital air gap between telemetry and control and open public networks. On the other hand, enterprise systems are often routed through internet protocols and are inherently more visible. Simply, in an ideal world, SCADA and telemetry data will not be mixed with enterprise traffic. Secure separation helps ensure this data doesn’t fall into the wrong hands.

After all, a sub-station with limited security can be disabled leading to regional power-loss, or worse still, large-scale disconnection at a grid’s source. If a hacker has knowledge of how a grid is being used and can interrupt the control of grid assets at the same time, they have all the power they need for a checkmate. If the first principle of security is to separate the data’s carrier and storage, nowhere is this more important than on the cloud where the superficially attractive proposition of cost savings can lure one into holding telemetry data along with all other data used across the organization’s operations.

Paradoxically, some of the legacy technology still widely used, such as Serial Peripheral Interface (SPI), are more secure due to insulation by virtue of a physical connection. Although new IP-enabled technologies are currently deployed, this only takes place when protected within a private network or software-defined trusted network. There are plenty of examples that illustrate the level of disruption water and energy supplies are prone to. Last year, a cyberattack forced operator Colonial Pipeline to temporarily shut down 5,500 miles of pipeline when an attempt was made to tamper with the levels of sodium hydroxide in Oldsmar, Florida’s water supply. More recently in Ukraine, hostile intervention has led to the disabling of energy in wind farms.

In addition, the control of water flow becomes more critical with the increasing impact of climate change. Extremes necessitate accurate prediction and timely response to rapidly changing conditions. This must be controlled using the latest IP technology, all of which must be securely operated within public networks or operated via secure private networks. In the same way, managing diminished supplies of energy between, and within countries, depends on intelligent, smart technology automatically distributing supply to wherever it is required. It is essential that, in addition to the protection of static data, how data moves is equally resilient, and that in turn means having backup systems in place.

Secure IoT Now

As IoT becomes more embedded in industry day-to-day, it becomes vital that all devices and local networks associated have the necessary software to protect them. One such way is through software-defined wide area network (SD-WAN) technology, which keeps data locked down and secured from the outside world. At the same time, the technology ensures consistent application performance and resilience by automatically steering traffic in an application-driven manner based on business intent, security protocols, and WAN architecture. Primary bearers and platforms need to have alternatives in place, which means satellite, LTE, and 4G/5G solutions. Because telemetry data requires less bandwidth than much of the traffic going over an enterprise system, it can also be more difficult to trace, though we advise all our clients to have these backup solutions in place.

Utilities looking to embed and maintain a strategic cybersecurity program should constantly review their systems and technology alongside their connectivity partners. This is necessary to identify gaps and opportunities based on whatever threat intelligence protocols they have in place to increase situational awareness across teams.

Tweet

Share

Share

Email

  • Connectivity
  • Cybersecurity
  • IT and Security
  • Privacy
  • Security

  • Connectivity
  • Cybersecurity
  • IoT Business Strategy
  • IT and Security
  • Privacy

参考译文
公用事业部门与网络安全:领先于网络罪犯
与所有关键基础设施一样,美国的公用事业也容易受到网络威胁,即使在和平时期也是如此。值得注意的是,随着俄罗斯和乌克兰之间发生的一切,安全问题也越来越成为消费者关注的焦点。根据我们今年3月对美国公用事业用户的调查,46.9%的用户认为黑客破坏内部系统是公用事业供应的潜在风险。让我们来看看网络安全对公用事业部门的重要性。网络犯罪分子正在寻找利用公用事业部门经济价值的创新方法。与此同时,黑客活动分子寻求公开利用他们反对政治或环境议程的方法,例如通过分布式拒绝服务(DDOS)使设施瘫痪。这场数字战场正在以各种方式展开,从破坏支撑公用事业公司商业和人工运营的企业系统,到更恶意地干预运营技术,旨在对公民社会造成严重破坏。今年2月的“AcidRain”恶意软件攻击造成了大规模的严重、长时间的业务中断。这次攻击摧毁了Viasat公司KA-SAT宽带服务的卫星调制解调器,影响了乌克兰和欧洲其他地区的数千人。根据IBM的数据,在2021年的总体数据泄露成本中,能源行业排名第五,公用事业部门的网络安全带来了额外的考虑。这是一个受到高度监管的行业,以任何其他行业的标准衡量,违规都可能付出高昂的代价。此外,与勒索软件或网络攻击相关的成本可能会迅速升级。据报道,在2020年至2021年期间,每起数据泄露事件的损失从386万美元增加到424万美元,增幅为10%。其次,发现漏洞需要很长时间,漏洞被忽视的时间越长,事件的代价和/或破坏性就越大。最后,还有来自欧盟和美国监管机构的罚款。不过,也不全是坏消息。网络安全已经是公用事业公司的优先事项,有很多方法来应对这些威胁,首先要认识到这种固有的脆弱性,并嵌入一种意识文化,形成更安全的行为、流程和系统设计。对于操作技术(OT)来说尤其如此,它关注于测量和识别整个公用事业网络趋势的遥测技术和/或控制系统架构的SCADA(监督控制和数据采集)。当数据暴露在开放的互联网上时,风险会增加,这就是为什么公用事业公司必须利用网络安全和使用最新的IP技术进行控制:在公共网络内安全运行或通过安全的专用网络运行。私有网络和专用枢纽(如TSAT卫星系统内的那些)在遥测和控制与开放的公共网络之间保持着至关重要的空气间隙。另一方面,企业系统通常通过internet协议路由,因此本质上更可见。简单地说,在理想的情况下,SCADA和遥测数据不会与企业流量混合在一起。安全分离有助于确保这些数据不会落入坏人之手。毕竟,一个安全保障有限的变电站可能会被关闭,导致区域断电,或者更糟的是,电网源头的大规模断开。如果黑客知道网格是如何被使用的,并且可以同时中断对网格资产的控制,那么他们就拥有了将死所需要的所有力量。如果安全的首要原则是将数据的载体和存储分开,那么没有什么比在云计算上更重要了。在云计算上,节省成本这一表面上很有吸引力的主张可以诱使人们将遥测数据与整个组织操作中使用的所有其他数据一起保存。 矛盾的是,一些仍然被广泛使用的遗留技术,如串行外围接口(Serial Peripheral Interface, SPI),由于物理连接的隔离作用而更加安全。尽管目前部署了支持ip的新技术,但这只在私有网络或软件定义的可信网络中受到保护时才会发生。有很多例子可以说明水和能源供应容易受到的破坏程度。去年,一次网络攻击迫使运营商Colonial Pipeline暂时关闭了5500英里长的管道,原因是有人试图篡改佛罗里达州奥德斯玛供水系统中的氢氧化钠含量。最近在乌克兰,敌对的干预导致风力发电场的能源瘫痪。此外,随着气候变化的影响日益增加,对水流的控制变得更加关键。极端情况需要准确的预测和对迅速变化的条件的及时反应。这必须使用最新的IP技术加以控制,所有这些技术必须在公共网络内或通过安全的专用网络安全地运行。同样,管理国家之间和国家内部能源供应的减少,依赖于智能、智能的技术,自动将供应分配到需要的地方。除了保护静态数据外,数据移动的弹性也同样重要,这反过来意味着要有备份系统。随着物联网越来越多地嵌入到工业日常生活中,所有设备和本地网络相关的必要软件来保护它们变得至关重要。其中一种方法是通过软件定义广域网(SD-WAN)技术,该技术将数据锁住,不受外部世界的影响。同时,该技术通过基于业务意图、安全协议和广域网架构的应用程序驱动方式自动引导流量,确保了一致的应用程序性能和弹性。主要运营商和平台需要有替代方案,这意味着卫星、LTE和4G/5G解决方案。由于遥测数据所需的带宽比经过企业系统的大部分流量更少,因此它也更难以跟踪,尽管我们建议所有客户都准备好这些备份解决方案。希望嵌入和维护战略网络安全计划的公用事业公司应与连接合作伙伴一起不断审查其系统和技术。这是必要的,以确定差距和机会,基于任何威胁情报协议,以增加跨团队的态势感知。
您觉得本篇内容如何
评分

评论

您需要登录才可以回复|注册

提交评论

iotforall

这家伙很懒,什么描述也没留下

关注

点击进入下一篇

国际互联网日:创造全球互联的地球

提取码
复制提取码
点击跳转至百度网盘