Cybersecurity has increased in importance to utilities and power plants, with attacks such as 2021’s Colonial Pipeline headlining the news. The threat is growing, as 83% of energy and critical infrastructure industry firms had at least one operational technology (OT) cybersecurity breach between 2018 and 2021. A UK poll shows 78% of IT leaders feel unprepared to deal with cyberthreats.
Legacy OT assets in IPP and utility OT networks can have a 25-year lifecycle. These unconnected systems were not designed to be patched or updated. Isolation provided some protection, but today’s digital connection means the lack of updates is a vulnerability. Managing updates is costly but essential for OT security. Well-informed threat actors have studied every function and actively target energy OT networks.
Energy OT was a standalone system with no connectivity, which was later paired with digital technology for productivity and reliability. Interconnected systems with remote access face the risk of profit-seeking or politically driven threat actors exploiting vulnerable system gaps—breaching energy OT systems from across the globe.
Malware and ransomware in power plant OT networks are often precisely engineered attacks. Risk is highest where OT and IT intersect. Ransomware ranks as the #1 threat to businesses. Many CISOs believe an attack is inevitable within 12 months, impacting supply chain and business operations among trusted partners and across industries.
Energy industry OT faces greater cybersecurity challenges than ever. As IT and OT systems are linked, global threats target power plants and utilities for ransom, espionage and political impact. Although creating an airlock to isolate OT systems is no longer sufficient security, these four tactics can reduce energy sector risks from cyberattacks.
A zero trust model audits and tracks who has access to which resources and makes plans to mitigate damages if a power plant were breached. Zero trust grants network access only to verified users and their devices. As access is verified, controlled, and monitored, the system protects authorized participants from harmful cyberattacks.
In a zero trust model, cybersecurity leaders assume any person, device or app is compromised and a potential source of breach. By segmenting people, devices, company, apps or workflow actions, security leaders can match access with an appropriate damage control strategy. A solid plan can reduce utility downtime and costly damages.
Industrial control systems (ICS) are managed by software called SCADA (Supervisory Control and Data Acquisition), a command central for power plant OT cybersecurity. Choose a specifically designed and enabled ICS/SCADA system to monitor uninterrupted energy industry OT functionality—and sound the alarm should a security breach occur.
Awareness of details is key to improving energy industry cybersecurity. Proactive understanding of the performance and patterns of power plant OT is essential. In addition, high-powered analytics can help identify performance issues and anomalies that could signal a cyberattack, even as an incident is happening.
The energy industry is expanding, with a footprint encompassing energy generation to distribution. Supply chains span countries, and even cross continental borders. The blending of IT with OT in power plants, however, has fundamentally changed energy from a physical security environment into a target of cyberthreats with no borders to constrain them.
A zero trust model can significantly improve energy industry OT security by eliminating the outdated reliance on perimeter-based protection. Segmenting approved entities with network access, from employees to trusted vendors to remote devices, can help contain damage from cyberattacks. Purpose-built ICS monitoring tools can help boost security, while high-performance analytics can increase reliability as well as boost security.
These steps can help power plant or utility OT leaders build a substantial protective barrier against attacks. But it can be costly and difficult to develop the expertise to fill every security role with an expert. It’s important to identify a capable, experienced partner with strong credentials in protecting OT viability in the energy industry.
GE Gas Power’s product expertise and operational experience managing cyber risks generates solutions to protect the people and products that power our future. GE Gas Power offers Guardian*, a cybersecurity monitoring solution with capacity for rapid detection of cyber threats and disruptions. Guardian provides high-level insight into operational control networks, IT, and cloud assets, helping to keep the energy industry more secure.
In addition, GE’s Power Patch Validation Program (PPVP) keeps control system environments up to date from a security perspective, so OT environments better maintain both their integrity against breaches and their peak performance levels.
Contact us today for a private discussion of the best options to defend your OT system.
* Guardian is a registered trademark of Nozomi Networks.