Real answers to repel cyber attacks on public services

By Robert Furr

Cyber security risks have become a major headache for utilities. Attacks have increased in both intensity and frequency, and independent studies show that utility management teams are not as prepared as they should be. This white paper highlights the key areas these leaders need to prioritize if they are to mitigate the risk of cyber attacks that are certain to keep coming.

It shouldn’t have been a surprise. But when the cyberattack hit Colonial Pipeline in May, the distributor of nearly half of the fuel used on the east coast of the United States, it caught everyone off guard. Fortunately, the attack did not halt fuel deliveries for long: the company shut down its pipeline for a few days as a precaution. However, Colonial had to pay a ransom of $5 million just to recover its stolen data.

The electricity sector has become a prime target for cybercriminals over the past decade, and utility leaders are clearly worried. Almost two-thirds of those polled in a recent large-scale study say sophisticated cyber attacks are a major challenge. More than half, 56%, say they experience at least one outage or loss of operational data per year, resulting in failures, property damage, injury and sometimes even environmental disasters. Almost 55% of respondents anticipate an attack on their critical infrastructure in the next 12 months.

It should be noted that cybercriminals target the Operational Technology (OT) infrastructure of utilities, including Industrial Control Systems (ICS) such as SCADA (Supervisory Control and Data Acquisition), smart substations and distribution management systems. In fact, Honeywell’s 2020 Cybersecurity Threat Study found that the share of cybersecurity threats specifically targeting OT systems rose from 16% of all threats against industrial systems in 2019 to 28% in 2020. At the same time, the share of threats capable of causing major disruption to OT systems more than doubled, from 26% to 59%.

In general, vulnerabilities are compounded by the increasing digitization of the grid, the shift to renewables, the greater reliance of utilities on suppliers and third parties, and the more remote operation of assets. Meanwhile, utilities face increasingly stringent demands from regulators and rising customer expectations. What are utility business leaders doing to tackle the growing threats? The short answer: far from enough. In the study cited above, only 42% of those surveyed rated their cybersecurity readiness as high, and only 31% rated their readiness to respond to or contain a breach as high. The complexities of the challenge are daunting.

3 best practice initiatives to mitigate the risk of cyber attacks

1. Better management of supplier risk: If anything demonstrated exposure to supplier risk, it was the infamous SolarWinds hack. In late 2020, cybercriminals – believed to be Russian agents – infiltrated the highest levels of the U.S. government by bundling their malware into trusted software from SolarWinds, a prominent government contractor. As electric utilities have grown in size and complexity, so has their dependence on increasingly specialized technology. The installation, maintenance and updating of this technology often involve external contractors, which opens up many further vulnerabilities. Reliance on third parties is far from marginal; some sources indicate that in many utilities, contract labor can account for more than half of total working hours. The expansion of supply chains expands the attack surface that utilities must monitor and secure. Utilities must, as a priority, align with the best-practice supplier risk standards in their country.

2. Improved vulnerability management: A rapidly changing threat landscape and growing exposure points mean that utilities urgently need to rethink their vulnerability management strategies. This means moving from reactive strategies to a proactive, comprehensive, risk-based approach that continuously identifies, assesses and maps potential threats using data analysis and, in response, applies remediation and mitigation techniques.

An effective vulnerability management system can help protect against SQL injection and cross-site scripting (XSS) attacks, in which an attacker supplies input that is interpreted as code, triggering an action the original query or page never intended. It can guard against faulty authentication systems that allow an attacker to gain unauthorized access or privileges. And it can help identify insecure configurations and standards that don’t meet company security policies.
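To make the SQL injection and XSS mechanism described above concrete, the following added example (not code from the original article) shows the vulnerable pattern beside its hardened form. It builds a small in-memory SQLite table standing in for a customer-portal database; the table, the account names and the function names are all constructed for the illustration.

```python
import html
import sqlite3


def make_db():
    """Constructed sample database: two customer accounts in an in-memory SQLite table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, username TEXT, balance REAL)"
    )
    conn.executemany(
        "INSERT INTO accounts (username, balance) VALUES (?, ?)",
        [("alice", 120.0), ("bob", 45.5)],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable: the input is spliced into the SQL text, so it can change the
    query's structure rather than just its data (classic SQL injection)."""
    sql = "SELECT username, balance FROM accounts WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Hardened: parameter binding keeps the input as a bound value; the database
    never parses it as SQL, whatever characters it contains."""
    return conn.execute(
        "SELECT username, balance FROM accounts WHERE username = ?", (username,)
    ).fetchall()


def render_greeting_vulnerable(username):
    """Vulnerable: raw input is written into HTML, so markup in the input becomes
    markup in the page (reflected XSS)."""
    return "<p>Welcome, " + username + "</p>"


def render_greeting_safe(username):
    """Hardened: html.escape turns <, >, &, quotes into entities so the browser
    shows the input as text instead of interpreting it."""
    return "<p>Welcome, " + html.escape(username, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"
    print("vulnerable rows:", lookup_vulnerable(db, probe))  # every account leaks
    print("safe rows:", lookup_safe(db, probe))              # no such user: []
    print(render_greeting_safe("<script>alert(1)</script>"))
```

The detection point for a vulnerability scanner is the pattern itself: string concatenation into SQL or HTML is flaggable in code review and static analysis regardless of whether a working payload has been found, which is why configuration and code hygiene findings belong in the same risk register as network-facing CVEs.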

The key to a successful vulnerability management program is the transition to a risk-based model that identifies and addresses the biggest threats. Organizations can start creating a program by following these four steps:

  • Identify and classify the organization’s assets. This provides the basis for accurately measuring risk and communicating it to key stakeholders.
  • Select software that matches the needs of the organization’s IT and OT footprint.
  • Determine the scan frequency.
  • Remediate the vulnerabilities. The hard work begins once vulnerabilities have been identified and assigned risk-based scores.

3. Continuous threat detection: utilities cannot rely on ad hoc security scans; the stakes are far too high. Cyber security teams need to be able to track adverse events as they occur, not afterwards. They must make threat detection an ongoing and rigorous business discipline.

Continuous Threat Detection (CTD) is an umbrella term for advanced threat detection that provides an additional layer of security against advanced malware and zero-day attacks. It uses advanced tools and analytics, such as source reputation, executable scanning and threat-level protocols, to analyze network traffic and strengthen security. It starts with continuous visibility into the organization’s systems. The underlying principle: to protect what you have, you have to know what you have, and know what it is doing.
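The "know what you have, and know what it is doing" principle reduces, in its simplest form, to comparing observed traffic against an inventory and a baseline of expected flows. The following added example (not the article's or any CTD vendor's code) does exactly that over a few constructed flow-log lines from a hypothetical OT segment; the host names, ports, log format and baseline are all assumptions made for the illustration.

```python
# Constructed baseline: flows an OT segment is expected to carry.
# (source host, destination host, destination port)
BASELINE_FLOWS = {
    ("hmi-01", "plc-07", 502),          # Modbus/TCP from the HMI to the PLC
    ("historian-01", "plc-07", 502),    # historian polling the same PLC
    ("eng-ws-03", "plc-07", 44818),     # EtherNet/IP from the engineering workstation
}
# Constructed asset inventory for the segment ("know what you have").
KNOWN_ASSETS = {"hmi-01", "plc-07", "historian-01", "eng-ws-03"}

# Constructed sample flow log in a simple key=value format.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z src=hmi-01 dst=plc-07 dport=502 proto=tcp
2024-05-01T10:00:05Z src=historian-01 dst=plc-07 dport=502 proto=tcp
2024-05-01T10:01:12Z src=laptop-77 dst=plc-07 dport=502 proto=tcp
2024-05-01T10:02:40Z src=eng-ws-03 dst=plc-07 dport=44818 proto=tcp
2024-05-01T10:03:03Z src=hmi-01 dst=plc-07 dport=22 proto=tcp
"""


def parse_line(line):
    """Parse one 'timestamp key=value ...' line into (src, dst, dport)."""
    fields = dict(kv.split("=", 1) for kv in line.split()[1:])
    return fields["src"], fields["dst"], int(fields["dport"])


def detect(log_text):
    """Return alerts for traffic that contradicts the inventory or the baseline.

    unknown-asset: a source that is not in the inventory at all.
    new-flow:      a known asset talking to a destination/port it never used
                   before (e.g. an HMI opening SSH to a PLC).
    """
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src, dst, dport = parse_line(line)
        if src not in KNOWN_ASSETS:
            alerts.append(("unknown-asset", src, dst, dport))
        elif (src, dst, dport) not in BASELINE_FLOWS:
            alerts.append(("new-flow", src, dst, dport))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Two of the five lines produce alerts: a laptop absent from the inventory speaking Modbus to the PLC, and the known HMI opening an SSH session to a PLC it normally only reaches over port 502. Neither line is malformed or carries a known-bad signature; they stand out only because the baseline exists, which is why the visibility step has to come before any signature-based analytics.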

The points raised above are, we hope, a sharp reminder of what must happen now. Cyber threats to utilities are not going away, and the severity and impact of attacks are not about to abate. In a newly volatile world, well-equipped, tech-savvy state actors will almost certainly step up their assaults, and the dark web will continue to be a ready market for new and inexpensive ways to locate and penetrate weak entry points.

The author is Managing Director of Capco
