[Report] ICS cybersecurity for the Electric Utilities Industry


The risk of security incidents is rapidly increasing in the electric industry, which plays a crucial role in critical infrastructure. This is due to the increasing vulnerability of the system caused by the modernization of the electricity generation, transmission, and distribution systems (i.e. digitalization, network connectivity, and the use of generic software and IT). There is also a growing threat of state-sponsored attacks. For example, in 2015, a cyberattack in Ukraine caused a power outage that severely affected many of its citizens.1

This has led to a review and strengthening of cybersecurity regulations and guidelines throughout the power industry in recent years. For example, in April 2021, the U.S. Department of Energy (DoE)/Cybersecurity and Infrastructure Security Agency (CISA) developed a 100-day plan to improve visibility, detection, and response capabilities in industrial control system (ICS) environments.2 3 This includes improving detection, cybersecurity risk mitigation, and investigation capabilities, developing specific 100-day milestones to identify and deploy technologies (to enable virtual real-time situational awareness and response), strengthening the security posture of critical infrastructure IT systems, and a voluntary industry initiative to deploy technology to increase the visibility of cyber threats in ICS/OT environments.

Furthermore, the White House issued the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems in July.4 The following September, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) issued certain performance goals as cybersecurity baselines for each sector.5 This encouraged asset owners and operators in each industry to review their systems and organizations in order to meet these goals.

However, these directives are not unique to the United States. In Europe, the Critical Entities Resilience (CER) mandate will be expanded to the NIS Directive 2.0. Revised in December 2020, the NIS Directive 2.0 strives to improve the resiliency of critical infrastructure in both physical and cyber spheres.6 In addition, the Japanese government has been discussing their next cybersecurity strategies, which will include the protection of critical infrastructure.7

ICS/OT security has a unique history that differs from IT security, but current and future ICS/OT environments utilize IT, such as the cloud, CT, and private 5G. This makes ICS/OT environments a mixture of modern and legacy systems. It is time for asset owners and operators in the electric industry to reassess their risks and update their cybersecurity strategies from this latest perspective.

Trend Micro’s report provides: 

  • Cybersecurity trends for the industry’s incidents, regulations, and guidelines
  • Tips to gain situational awareness across OT, IT, and CT
  • An overview of the six protected areas in the electric utility environment
  • How Trend Micro can reduce complexity and increase visibility to secure your critical infrastructure

Further reading: Critical Infrastructure and ICS Security Remain a Network Segmentation Problem

Sponsored by Trend Micro