Utilities Sector & Cybersecurity: Staying Ahead of Cybercriminals

Like all critical infrastructure, U.S. utilities are prone to cyber threats, even in peacetime. It is important to note that with all that is going on between Russia and Ukraine, security is also becoming more of a focus for consumers. According to our survey of American utility users in March of this year, hackers bringing down internal systems were identified as a potential risk to utility supply by 46.9 percent of recipients. Let’s take a look a the importance of cybersecurity for the utility sector.

The Digital Battlefield

Cybercriminals are looking for innovative ways to exploit the economic value of the utility sector. Meanwhile, hacktivists seek ways to publicly leverage their opposition to political or environmental agendas by disabling facilities through, for example, a distributed denial of service (DDOS). This digital battlefield is being fought in myriad ways, from disruption to enterprise systems that underpin a utility company’s commercial and human operations, and even more malign intervention of operational technology, designed to inflict severe disruption to civil society. The “AcidRain” malware attack in February of this year caused severe, prolonged disruption to operations on a mass scale. The attack wiped out Viasat’s KA-SAT broadband service’s satellite modems, impacting thousands in Ukraine and further across Europe.

Countering the Threat

According to IBM, the energy industry ranked fifth in overall data breach costs in 2021, and cybersecurity in the utility sector brings with it additional considerations. It is a highly regulated industry where breaches can be costly by any other industry’s standards. Moreover, costs associated with ransomware or cyberattacks can quickly escalate. Between 2020 and 2021, there was a reported 10 percent increase from $3.86 million to $4.24 million per data breach incident. Then, there is the length of time it takes to discover a breach, and the longer the breach goes unnoticed, the more expensive and/or disruptive the incident. And finally, there are the fines incurred from regulatory bodies, both in the E.U. and U.S.

However, it is not all bad news. Cybersecurity is already a priority for utility firms, and there are many ways to counter these threats, starting with recognizing this inherent vulnerability and embedding a culture of awareness that shapes more secure behavior, processes, and system design. This is especially true of the operational technology (OT), focusing on telemetry which measures and identifies trends across the utility network, and/or SCADA (Supervisory Control and Data Acquisition) which controls the system architecture.

Private Networks: How They Can Help

Risk increases when data is exposed to the open internet, which is why utilities must leverage cybersecurity and control using the latest IP technology: Securely operating within public networks or operating via secure, private networks. Private networks and dedicated hubs, such as those within a TSAT satellite system, maintain a vital air gap between telemetry and control and open public networks. On the other hand, enterprise systems are often routed through internet protocols and are inherently more visible. Simply, in an ideal world, SCADA and telemetry data will not be mixed with enterprise traffic. Secure separation helps ensure this data doesn’t fall into the wrong hands.

After all, a sub-station with limited security can be disabled leading to regional power-loss, or worse still, large-scale disconnection at a grid’s source. If a hacker has knowledge of how a grid is being used and can interrupt the control of grid assets at the same time, they have all the power they need for a checkmate. If the first principle of security is to separate the data’s carrier and storage, nowhere is this more important than on the cloud where the superficially attractive proposition of cost savings can lure one into holding telemetry data along with all other data used across the organization’s operations.

Paradoxically, some of the legacy technology still widely used, such as Serial Peripheral Interface (SPI), are more secure due to insulation by virtue of a physical connection. Although new IP-enabled technologies are currently deployed, this only takes place when protected within a private network or software-defined trusted network. There are plenty of examples that illustrate the level of disruption water and energy supplies are prone to. Last year, a cyberattack forced operator Colonial Pipeline to temporarily shut down 5,500 miles of pipeline when an attempt was made to tamper with the levels of sodium hydroxide in Oldsmar, Florida’s water supply. More recently in Ukraine, hostile intervention has led to the disabling of energy in wind farms.

In addition, the control of water flow becomes more critical with the increasing impact of climate change. Extremes necessitate accurate prediction and timely response to rapidly changing conditions. This must be controlled using the latest IP technology, all of which must be securely operated within public networks or operated via secure private networks. In the same way, managing diminished supplies of energy between, and within countries, depends on intelligent, smart technology automatically distributing supply to wherever it is required. It is essential that, in addition to the protection of static data, how data moves is equally resilient, and that in turn means having backup systems in place.

Secure IoT Now

As IoT becomes more embedded in industry day-to-day, it becomes vital that all devices and local networks associated have the necessary software to protect them. One such way is through software-defined wide area network (SD-WAN) technology, which keeps data locked down and secured from the outside world. At the same time, the technology ensures consistent application performance and resilience by automatically steering traffic in an application-driven manner based on business intent, security protocols, and WAN architecture. Primary bearers and platforms need to have alternatives in place, which means satellite, LTE, and 4G/5G solutions. Because telemetry data requires less bandwidth than much of the traffic going over an enterprise system, it can also be more difficult to trace, though we advise all our clients to have these backup solutions in place.

Utilities looking to embed and maintain a strategic cybersecurity program should constantly review their systems and technology alongside their connectivity partners. This is necessary to identify gaps and opportunities based on whatever threat intelligence protocols they have in place to increase situational awareness across teams.