GUEST OPINION: Recent cyberattacks targeting critical infrastructure have starkly illustrated the risks surrounding industrial control systems, sending a disturbing reminder to the power sector about the critical need for resilient operational technology (OT) environments.
A major player in Australia’s energy sector fell victim to a cyberattack last year, impacting its operational systems. As the power industry undergoes a digital transformation that promises enhanced efficiency and cost savings, it must navigate a complex and evolving threat landscape to ensure the reliability and security of its systems.
The severity of the situation is underscored by the 2021-2022 ACSC Annual Cyber Threat Report, which highlights a notable surge in cyber threats within the power sector. This report reveals that the energy sector had recently entered the ranks of the top 10 sectors reporting cyberattacks, emphasising the heightened risks faced by the industry.
The utilisation of new technologies to optimise workflows presents a security challenge for businesses. This challenge arises from the coexistence of modern and outdated equipment in their operational systems, compounded by the more frequent implementation of connections to external networks. Given the urgent need for cybersecurity measures, organisations that adopt the latest vulnerability management best practices will be best prepared to reduce risk and mitigate possible damage.
The interconnected nature of systems within utilities amplifies the risks of cascading cybersecurity incidents. Legacy systems, intertwined with newer architectures, create a labyrinth of vulnerabilities susceptible to sophisticated malware and cyberattacks. Even air-gapped networks, once breached, can serve as conduits for infiltrating critical control systems. The domino effect is a grave concern, as a breach in one part of the network can cascade into operational systems responsible for managing generation, transmission, and distribution, thereby jeopardising service reliability downstream. This was demonstrated in the 2015 and 2016 attacks against the Ukrainian power grid, where the attackers deftly pivoted from the IT network into the OT network, completely undetected.
The challenge for power companies lies in identifying and remediating vulnerabilities or implementing compensating controls within these intricate systems. A breach of a single substation controller, for example, can have far-reaching consequences and threaten regional and even national grids. These systems’ sprawling and interdependent nature demands a proactive approach to security beyond conventional measures.
In the face of these challenges, a proactive and comprehensive cybersecurity strategy is imperative. Regular asset inventory, vulnerability assessments and continuous surveillance of Industrial Control Systems (ICS) become essential tactics for the power sector. A holistic approach is required to identify risks, Indicators of Compromise and vulnerabilities. Purpose-built software, capable of understanding the specifics of Operational Technology, must be deployed to defend against cyber incidents.
Maintaining full visibility into all operational assets, including intelligent electronic devices (IEDs), remote terminal units (RTUs), programmable logic controllers (PLCs), breakers, meters, drivers, and other devices, is critical.
This approach enables power companies to have a continuous real-time understanding of their OT environment, empowering them to detect and respond to potential threats promptly. Asset visibility is the foundation upon which vulnerability management and threat detection can be built, creating a robust defence against the evolving cyber threat landscape. Risk management should be an ongoing process, with regular assessments and updates to ensure that security measures are aligned with the latest threats. Continuous surveillance of ICS allows for the early detection of anomalous activities, providing organisations with the opportunity to pre-emptively respond and mitigate potential risks. By adopting a proactive stance, power companies can stay ahead of cyber adversaries and safeguard critical infrastructure.
Furthermore, collaboration within the industry is paramount. Information sharing on emerging threats, vulnerabilities, and best practices can significantly enhance the collective resilience of the power sector. Governments, regulatory bodies, and industry stakeholders must work collaboratively to establish and enforce cybersecurity standards and regulations that elevate the overall security posture of the power industry.
To strengthen their cybersecurity defences, power companies can enhance their understanding of crucial assets and prioritise managing risk strategically. This proactive approach allows them to allocate resources effectively, ensuring the secure and resilient functioning of their smart grids. In doing so, they protect essential services for both communities and industries, even in the face of constantly changing cybersecurity threats.
