By Simon Chassar, Chief Revenue Officer at Claroty
As a result of the catastrophic natural calamities that the world has faced over the last few years it has become evident that we are in an age of extreme climate change. From heatwaves to extreme winters and droughts, every region across the world is facing some form of climate disaster. Among many other mounting risks is the fact that most of our critical infrastructure is not built to sustain such events.
In August of this year, Europe faced the worst recorded heatwave in its history. As a consequence, the critical power grid systems across the region were on the brink of collapse. In fact, the UK's power grid was pushed to the edge of blackouts, as national demand for electricity nearly exceeded supply. Extreme heat also caused transmission conductors to expand and sag, which reduces the load a line can safely carry and further cut the supply of electricity in some areas.
Similar scenarios have been experienced all over the world in the past few years, and some have been more devastating than others. For instance, Texas experienced a massive power grid failure last year, as the state's wind turbines and natural gas production facilities could not function in the harsh winter conditions. What followed was widespread power outages across the state.
To combat such scenarios, power grids are increasingly incorporating smart technologies into their operational technology (OT) systems. The physical operation systems are being connected with smart sensors to track energy consumption and grid performance. This allows organisations to achieve real-time visibility into their supply and demand metrics, thus creating better scope for predicting outages and adverse events.
However, these smart technologies also create a new entry point for threat actors: by exploiting vulnerabilities in the interconnected IT systems, an attacker can pivot from the IT network into the critical OT systems and interfere with the physical processes they control.
While it’s vital for power grids to harness the capabilities of modern digital systems to stay ahead of unprecedented events, it’s also important to ensure that such technologies don’t lead to catastrophic security incidents. So, how can organisations strike a balance?
The overwhelming security challenges of modern power grids
Modern power grid management systems are rapidly incorporating innovative technologies within their infrastructure to improve efficiency and performance. Technologies such as smart line sensors are able to capture and process detailed power line data in real-time. Many power grids around the world are already implementing smart outage detection technology that can pull real-time weather metrics to generate valuable insights regarding any potential outage or supply and demand issue.
While these technologies can make power suppliers more resilient to extreme weather conditions, they also introduce new cybersecurity issues, because most power grids rely on legacy OT systems that were not designed with digital or remote connectivity in mind.
For example, line sensors are often operated remotely, and they record power line data in the cloud or in hybrid data centres. Most of the equipment on the line, however, was never designed to share data with remote repositories, so it rarely has built-in security controls such as encrypted transport, strong authentication or privileged access management. That makes it susceptible to threats like ransomware and lateral movement that have traditionally been seen on the IT side.
Equally, employees in this industry are generally not accustomed to considering cybersecurity or digital safety in their daily jobs, as their core responsibilities focus on maintaining the physical functionality of the OT systems. The fundamental job of a power system engineer or an operator is to ensure reliability and uptime, not to stop cyber-attacks. As a result, effective security practices are often not maintained, leaving these environments exposed to threat actor tactics.
Any breach of such systems has the potential to compromise the critical controls of the power grid. If interconnected sensors or smart systems are disrupted by attacks like DDoS or ransomware, the result is significant downtime for energy suppliers, reducing their overall operational resilience and their ability to deliver power to their customers.
Finding a solution through proactive security practices
Any downtime in power grids has severe financial consequences for utilities and, more immediately, disrupts the functioning of society. However, there are almost always pre-emptive indicators of downtime, and the sooner those are detected, the sooner they can be addressed to mitigate the risk.
But how can industrial organisations obtain these indicators? A proactive approach goes a long way in providing such critical insights. Firstly, organisations should emphasise network mapping and connectivity analysis. This means understanding the physical and digital locations of all devices within their environment, as well as the connectivity between each system: essentially, what is connected to what. For example, which sensors are connected to which power lines, where are they located, and which cloud or on-premises repositories are they feeding data into? Organisations should be able to answer these questions readily.
It is also essential to secure remote access tools. Implementing multi-factor authentication and restricting each employee's access privileges to what their role requires are effective ways of mitigating the risk of threat actors compromising remote access systems.
In addition to these proactive security practices, power grids should also leverage technologies that provide visibility, protection, and monitoring controls for industrial environments. Implementing such technology can increase the operational resiliency of modern power grids by providing comprehensive visibility of all XIoT (Extended Internet of Things) assets – that is, all cyber-physical devices that are connected to the Internet.
Continuous monitoring controls allow organisations to segment XIoT assets into logical groups and watch each group for threats in real time. For instance, all integrated sensors across the power lines are grouped according to their functions and monitored individually. Security teams can then quickly identify which sensors are exposed to threats and which are operating as intended.
As climate change continues to intensify, industrial systems like power grids will inevitably incorporate more smart technologies for better performance and consistent supply. Implementing proactive solutions that continuously monitor the network for threats or anomalies will allow power suppliers to keep innovating and maintaining uptime without sacrificing their operational resilience.
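As an added example that is not part of the original article and not a Claroty product, the following Python script shows one way to answer the "what is connected to what" question from the network-mapping paragraph above and to produce the per-function-group monitoring view just described. It works from a constructed asset inventory, an assumed per-group communication policy and constructed flow records of the kind a passive network monitor or NetFlow exporter would report; every name, address and policy entry is a hypothetical stand-in.

```python
"""Connectivity analysis for a small OT sensor estate (added example, not from the article)."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed asset inventory (hypothetical names and addresses): which sensor
# monitors which line, where it physically sits, and which function group it belongs to.
INVENTORY = {
    "10.20.1.11": {"name": "LS-N-01", "group": "line-sensor", "line": "North 132kV", "site": "Substation A"},
    "10.20.1.12": {"name": "LS-N-02", "group": "line-sensor", "line": "North 132kV", "site": "Tower N-17"},
    "10.20.2.5": {"name": "WX-01", "group": "weather-feed", "line": "-", "site": "Substation A"},
    "10.20.0.2": {"name": "EWS-01", "group": "engineering-ws", "line": "-", "site": "Control room"},
}

# Assumed policy: approved destinations per function group as (network, allowed ports).
# 203.0.113.10 stands in for the historian in the hybrid data centre and
# 198.51.100.0/24 for the weather provider's API (RFC 5737 documentation addresses).
ALLOWED = {
    "line-sensor": [("203.0.113.10/32", {443})],
    "weather-feed": [("203.0.113.10/32", {443}), ("198.51.100.0/24", {443})],
    "engineering-ws": [("203.0.113.10/32", {443}), ("10.20.1.0/24", {22, 443})],
}

OT_NETWORKS = [ip_network("10.20.0.0/22")]
IT_NETWORKS = [ip_network("10.10.0.0/16")]

# Destination ports whose protocols carry data or commands without encryption.
CLEARTEXT_PORTS = {23: "telnet", 80: "http", 502: "modbus/tcp", 20000: "dnp3"}

# Constructed flow records (src, dst, dst port).
SAMPLE_FLOWS = [
    ("10.20.1.11", "203.0.113.10", 443),   # sensor -> historian, as designed
    ("10.20.1.12", "203.0.113.10", 443),
    ("10.20.1.12", "198.51.100.77", 443),  # sensor reaching a host outside its policy
    ("10.20.2.5", "198.51.100.20", 443),   # weather feed -> provider API
    ("10.10.5.40", "10.20.1.11", 23),      # IT host opening telnet to a sensor
    ("10.20.1.99", "203.0.113.10", 443),   # OT-segment device nobody inventoried
    ("10.20.0.2", "10.20.1.11", 22),       # engineering workstation -> sensor, allowed
]


@dataclass(frozen=True)
class Finding:
    kind: str
    src: str
    dst: str
    dport: int
    detail: str


def in_any(ip, networks):
    return any(ip_address(ip) in net for net in networks)


def is_approved(group, dst, dport):
    """True if the group's policy allows a flow to dst:dport."""
    return any(ip_address(dst) in ip_network(net) and dport in ports
               for net, ports in ALLOWED.get(group, []))


def connectivity_map(flows):
    """Answer 'what is connected to what': asset name -> {(dst, port), ...}."""
    conn = defaultdict(set)
    for src, dst, dport in flows:
        name = INVENTORY.get(src, {}).get("name", f"UNKNOWN({src})")
        conn[name].add((dst, dport))
    return dict(conn)


def analyse(flows):
    """Compare observed flows with the inventory and the per-group policy."""
    findings = []
    for src, dst, dport in flows:
        asset = INVENTORY.get(src)
        if asset is None and in_any(src, OT_NETWORKS):
            findings.append(Finding("unknown-source", src, dst, dport,
                                    "device on the OT segment is not in the inventory"))
        if in_any(src, IT_NETWORKS) and in_any(dst, OT_NETWORKS):
            findings.append(Finding("it-to-ot", src, dst, dport,
                                    "connection crossing from the IT network into OT"))
        if dport in CLEARTEXT_PORTS:
            findings.append(Finding("cleartext-protocol", src, dst, dport,
                                    f"{CLEARTEXT_PORTS[dport]} carries no encryption"))
        if asset is not None and not is_approved(asset["group"], dst, dport):
            findings.append(Finding("unapproved-destination", src, dst, dport,
                                    f"{asset['group']} policy does not allow {dst}:{dport}"))
    return findings


def findings_by_group(flows):
    """Group findings by asset function, as a segmented monitoring view would."""
    grouped = defaultdict(list)
    for f in analyse(flows):
        grouped[INVENTORY.get(f.src, {}).get("group", "unknown")].append((f.src, f.kind))
    return {g: sorted(v) for g, v in grouped.items()}


def clean_assets(flows):
    """Inventoried assets that appear in no finding, as source or destination."""
    flagged = {f.src for f in analyse(flows)} | {f.dst for f in analyse(flows)}
    return sorted(a["name"] for ip, a in INVENTORY.items() if ip not in flagged)


if __name__ == "__main__":
    for name, peers in sorted(connectivity_map(SAMPLE_FLOWS).items()):
        print(f"{name}: {sorted(peers)}")
    for f in analyse(SAMPLE_FLOWS):
        print(f"[{f.kind}] {f.src} -> {f.dst}:{f.dport}  {f.detail}")
    print("clean:", clean_assets(SAMPLE_FLOWS))
```

On the constructed data the script flags the sensor sending to an unapproved host, the IT workstation reaching a sensor over telnet, and the uninventoried device on the OT segment, while listing the assets whose observed behaviour matched policy. In a real deployment the inventory and policy would come from the asset management system and the flows from a span port or flow exporter; the checks themselves stay the same.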