Compared to the IT industry, the energy industry is a newcomer when it comes to connectivity. Yet, as it immerses itself in digitization and integrated technologies, the industry is facing increased cyber security threats. According to the US Department of Homeland Security’s Industrial Control Systems Computer Emergency Response Team, 32% of reported cyber security incidents in fiscal year 2014 were related to the energy industry.
The fast pace of technological change is driving utility operators to look at ways of mitigating cyber security risks. How can they meet this challenge? In addition to supporting industry device security standards, operators can follow best practices for securing substations, addressing asset management and leveraging available tools.
Mounting security risks
As utility decision makers scramble to address growing cyber security concerns, they are emulating their IT peers and placing their infrastructure security houses in order. However, because manufacturers of substation products often use proprietary or product-specific methodologies to manage security, standardization and ease of management of security devices is lacking in the industry.
In addition, security monitoring is not central to the design of most embedded devices and power system applications. Therefore, bolstering security remains a challenge when it comes to operational technology (OT), the automation and control systems and components that monitor, measure and protect critical infrastructure.
The number of cybersecurity incidents and percentage of the total by industry in the US during fiscal year 2014 (courtesy of US Homeland Security Department)
Protecting OT-based devices
Substation automation vendors have developed bolt-on solutions that provide a layer of access control and monitoring. While bolt-on solutions offer the advantages of fast implementation and reduced risk of a cyber attack on OT devices, they keep cyber security functionally separate from unsecured OT devices.
What this means is that if a breach occurs in the layer of security built around power applications, devices remain vulnerable. Substation asset managers should consider upgrading their OT devices to newer devices containing built-in cyber security functions. For example, a unique user ID feature allows asset security managers to increase accountability by running complete audits of user actions.
Utility operators can also adopt monitoring methods used in the IT industry, such as Simple Network Management Protocol (SNMP), which enables IT operators to manage IP-based devices, including switches, routers, workstations and printers via a Network Management System (NMS). In the energy industry, operators can leverage SNMP to monitor data from OT devices at the NMS level in the following ways:
Device status monitoring
Device performance and communications monitoring
Cyber security is an ongoing process
Not only do utility operators need to implement new technologies and security layers to address gaps exploited by hackers, but all stakeholders – from utility site teams and suppliers to site maintenance and commissioning teams – should also be well trained on security practices. To implement these changes and to ensure cyber security compliance, utilities should instill basic security concepts in the following way:
Step 1: Define security policy
Step 2: Define processes
Step 3: Choose and implement technology
Step 4: Document.
Cyber security technology by itself, however, can only partially address the issue of cyber threats. Utilities also need to deploy the proper organization and processes in order to supplement the impact of cyber security protection technologies. One potential solution is for utilities and vendors to develop standardized processes together, so that concepts such as device configuration will be effective in a multivendor environment.