According to the World Economic Forum, utilities are currently facing a perfect storm. Not only are they experiencing digital transformation, but they are also preparing for a more dispersed energy landscape and at the same time protecting customers against disruptions. With the threat to critical infrastructure increasing in recent years, more needs to be done to ensure the sector remains secure.
Although innovation and digital transformation have become pivotal areas for the utilities sector, it is obvious that the pace of technological change can become a gold mine for cybercriminals and a potential battlefield for nation-state adversaries, giving them new attack vectors to focus on.
With the potential threat only set to rise, the utilities and energy sector needs to be acutely aware of the potential danger posed by cyber-attacks like these. Businesses must be prepared to defend themselves and be able to deal with attacks quickly and efficiently. But how can companies do this when attacks are becoming ever more sophisticated?
Ensuring cybersecurity is built into operating models
To deliver reliable services to society, critical infrastructure providers need to ensure cybersecurity is built into operating models. But how do companies know where to prioritise their efforts when the number of adversaries is growing and motives are so varied, ranging from financial gain, to geopolitics to sabotage?
There are several stages to tackling this effectively. The first thing organisations must do is quantify risk: how likely an attack is, how prepared defences currently are and what the potential damage could be in terms of impact to the public, cost and reputation. Knowing this helps businesses see where investment must be made and the risk of not making it.
From there, a key element is gathering intelligence. However, this is not limited to intelligence gathering from within the organisation. In the fight against cyber adversaries, collaboration is key. This means combining threat intelligence gathered by internal security teams with insights gathered by other companies in the sector. These insights can also be integrated with information from a number of different locations and industry sources, such as the Electricity Information Sharing and Analysis Center (E-ISAC), Supervisory control and data acquisition (SCADA), Oil & Natural Gas Information Sharing and Analysis Center (ONG-ISAC) and Department of Homeland Security (DHS).
This will help organisations build a better picture of the adversaries they face, the methods they use, and the vulnerabilities they target. From there, security teams can better understand how best to defend themselves. For example, if intelligence reveals that a criminal group is targeting businesses across the industry with a spear-phishing campaign that uses COVID-19 as a lure, steps can be taken and defences can be put in place.
The more you know, the better you’ll be able to respond to a new threat. Basic details including where the malware comes from, what it does, and how it was targeted in the past can help form the basis of an intelligence-led defence.
Creating a single source of intelligence
Having the right intelligence, however, is not enough to ensure that intelligence is turned into action. Integrating internal security tools and technologies, while also connecting to external sources, creates a single source of intelligence that feeds operations and enables organisations to direct action against the threats that matter most. The outcomes of those actions also feed intelligence, providing the ability to further refine the efficacy of the entire security lifecycle.
This approach provides a continuous feedback loop for the people, processes and technologies that make up the security programme. It also allows businesses to keep up with threat actors that are constantly adapting their methods to profit at the expense of others – something that will not stop anytime soon.
Intelligence doesn't exist for its own sake: it exists to inform decisions. There are automated platforms that make it easy to take action on information pulled together in this way, further simplifying the process and allowing staff to send indicators to be blocked or assigned to an analyst for further investigation.
Automation can take much of the load of back-end administration off the shoulders of the analysts, leaving them to apply their expertise to the decision-making process once all relevant information has been combined and parsed. That adds up to a more effective defence and a more economical spread of resources.
Identify the pain points to raise awareness
Utilities companies need to take the right steps to ensure they can mitigate future threats to their infrastructure. Across the board, utility executives, managers and security professionals need to hold crucial discussions and recognise the current pain points in their infrastructure, not only to increase awareness but also to ensure best practices are created to eliminate threats.
It’s simple. If businesses quantify the risks they face, increase collaboration and use intelligence to inform decisions and automate defences, there is no doubt that they will be in the right position to defend themselves against the ongoing threats to their infrastructure.