security

New power system cybersecurity architectures can be 'vaults … – Utility Dive


New utility cybersecurity strategies are needed to counter sophisticated intrusions now threatening the operations of an increasingly distributed power system’s widening attack surface, security analysts agree.

There are cyber vulnerabilities in “every piece of hardware and software” being added to the power system, the September 2022 Cybersecurity and Infrastructure Security Agency, or CISA, Strategic Plan 2023-25 for U.S. cybersecurity reported. Yet 2022 saw U.S. utilities propose $29.22 billion for hardware and software-dependent modernizations, the North Carolina Clean Energy Technology Center reported Feb. 1.

New hardware and software can allow malicious actors to have insider access through utilities’ firewalled internet technology to vital operations technology, cyber analysts said.

“No amount of traditional security will block the insider threat to critical infrastructure,” said Erfan Ibrahim, CEO and founder of independent cybersecurity consultant The Bit Bazaar. “The mindset of trusted versus untrusted users must be replaced with a new zero trust paradigm with multiple levels of authentication and monitoring,” he added.

Growing “distribution system entry points” make “keeping hackers away from operations infrastructure almost unworkable,” agreed CEO Duncan Greatwood of cybersecurity provider Xage. But distributed resources can provide “resilience” if a distributed cybersecurity architecture “mirrors” the structure of the distribution system where they are growing to “contain and isolate intrusions before they spread to operations,” he said.

New multi-level cybersecurity designs can provide both rapid automated distributed protections for distributed resources and layers of protections for core assets, cybersecurity providers said. But the new strategies remain at the concept stage and many utilities remain unwilling to take on the costs and complexities of cybersecurity modernization, analysts said.

The threat

Critical infrastructure is already vulnerable to insider attacks. 

The 2021 Colonial Pipeline shutdown started with a leaked password, according to public reports. The 2019-2020 SolarWinds attack on U.S. online business services networks went through a supply chain provider’s software update, CISA acknowledged. And Russia’s 2015 shutdown of Ukraine’s power system was through authenticated credentials, likely using emails, CISA also reported.

In 2021, there were ransomware attacks on 14 of the 16 U.S. “critical infrastructure” sectors, including the energy sector, the FBI reported. And new vulnerabilities allowed attacks that also caused data losses, disrupted network traffic, and even denial-of-service shutdowns, according to technological and research firm Gartner.

Attacks on utility OT can come through distributed solar, wind and storage installations, employee internet accounts, smart home devices, or electric vehicles, Gartner, other analysts, and the May 2021 Biden executive order requiring improved power system cybersecurity agreed.

Existing Critical Infrastructure Protection, or CIP, Reliability Standards established by the North American Electric Reliability Corporation, or NERC, are inadequate, a January 2022 Notice of Proposed Rulemaking from the Federal Energy Regulatory Commission said. They focus only on defending the “security perimeter of networks,” the commission said.

“Vendors or individuals with authorized access that are considered trustworthy might still introduce a cybersecurity risk,” the rulemaking said. The RM22-3-000 proceeding will provide direction on how to update CIP standards to better protect utilities, federal regulators added.

The most recent Biden administration and FERC initiatives focused on the power sector, though utilities and system operators declined to reveal information about vulnerabilities or actual attacks.

There were an “all-time high” 20,175 new OT vulnerabilities in U.S. networks identified by cybersecurity analysts in 2021, according to a 2022 assessment by cybersecurity provider Skybox Security. And faster and more frequent exploitation of new vulnerabilities in 2021 showed “cyber-criminals are now moving to capitalize on new weaknesses,” it added.

Readers Also Like:  4 Steps to Centralized Management for Cloud Security - FedTech Magazine



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.