Cybersecurity Threats – The New Reality for Utilities

  /  ICS Security   /  Cybersecurity   /  Cybersecurity Threats – The New Reality for Utilities

Cybersecurity Threats – The New Reality for Utilities

Cybersecurity experts agree: Cyberattacks are the new reality for utility companies. On Jan. 10th, 2018, a major power outage hits the Consumer Electronics Show (CES), Las Vegas. For nearly two hours, participants were reminded that without electricity, the digital economy would not survive very well. In 2016, 3.85 trillion kilowatthours (kWh) [EIA] was consumed in the U.S., enabling consumers, transportations, commercial and industrials business to perform their daily activities.  No doubt that over the world, national and regional power grids are critical infrastructures requiring adequate protections such as the North-American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) plan. 

On Dec. 23, 2015, a major cyberattack on the Ukrainian Kyivoblenergo, the country’s regional electricity distribution company, left 10 substations disconnected for more thanthree hours. A foreign attacker had remotely controlled the SCADA distribution management systemgrid, which knocked out power distribution to more than 225,000 people across the region. Why the power went down wasn’t immediately known. However, shortly after the incident, Ukrainian government officials as well as private companies and the U.S. governmentperformed analysis and determined the outages were caused by a cyberattack, and that Russian security services were responsible for the incidents.

According to many cybersecurity experts and as published by IIoT World, these attacks are on the rise and becoming more sophisticated. It’s not about if, but when they occur.

What does that mean for utilities? It means that preparing for cyberattacks must become the new normal for utilities. Physical Security and cybersecurity of the critical assets must be integrated in smart grid design, products selection and deployment, increasing the readiness for attacks protection and mitigation. Regular staffs training on cybersecurity, disaster recovery plan definition and audits must be high priority on Senior leaders objectives. Building an end-to-end, complete grid security solution is imperative. Find more about the best cybersecurity risk mitigation strategies.

Here are four things to know:

  • It’s not a matter of if your security perimeters get compromised, but when. 
  • Attacks are going to get more frequent and sophisticated.
  • Products, tools, best practices and more are available to help companies protect their infrastructures and mitigate the threats.
  • We made significant investments and we have a lot of momentum in the security space.

Our mantra is that every device on the network is a security asset. For a Utility company, that means from production to transmission (in or out the substation), to distribution (down to the meters and distribution assets), all operations issue from the control center, operations center and the data center to and from the grid are covered.

Outsmart the cybersecurity threat

We’re seeing an evolutionary shift from aging legacy systems, process control systems protocols and unconnected devices. With legacy protocols, nobody could detect or know about threats. Now, these systems are being retrofitted and architectures are developing to make these newly connected devices more secure within the distribution grid. 

We now have a level of visibility into the network that we didn’t have with the legacy systems. We can detect an anomaly, determine if it’s normal or abnormal behavior and then provide intelligence about what is going on. 

Here’s an example of the power of our security system. Imagine that there is an analyzer on a transformer pole in the middle of Idaho. Using profiling and analytics, we are able to monitor the traffic and detect any anomalies. We will know if it’s going to an unusual destination (another country, for example) or if it’s not being sent via DMP or Modbus. 

If anything unusual is detected—if, for example, someone modifies our device or software on purpose or by accident, Cisco can detect the change, reconfigure it and change it back, reject it from the network or reset to the factory standards.

When we design a network for security, it’s a mix of best practice, product, and design. We can protect what we know, but at the same time, you have to mitigate what you don’t know. Mitigating the effects of the attack through product design is just as important.


This article was written by Dave Schmitt, Global Utility Solutions Architect, Kinetic Industrial Products Group. Dave has been with Cisco Systems over 17 years, 15+ of those years working with and supporting Utilities of various sizes. He has overall more than 30 years experience in the computer and networking industry. Dave has supported design and managed networks for some of the largest public and private institutions globally. Read the original version of this article here.