Supply and Demand – An imbalance in the energy industry

Complex industrial control systems are key to energy generation and distribution, but the exposure of such systems introduces risks.
Published: Thu 06 Sep 2018
A blog entry by Andrew Tsonchev

Contributed by:

Andrew Tsonchev
Director of Technology
Darktrace Industrial

Cyber security has been a high priority for the energy and utilities sector for years. Complex industrial control systems and geographically distributed internal networks are crucial to modern energy generation and distribution, but the exposure of such systems often introduces significant risks.

Energy and utility companies play a vital role in delivering essential services to millions of people and companies worldwide. As an integral part of national critical infrastructure, this sector is an alluring target for cyber-attacks. Cyber security is entangled with public safety as well as environmental concerns, and, as we have seen in the Ukrainian power grid attacks, disruptions and breaches can have significant knock-on effects.

As new technologies such as IoT sensors, smart meters, and integrated cloud services intertwine with legacy industrial machinery, power grids are becoming increasingly reliant on digital innovations. Whilst enhancing efficiency and customer experience, the rapid assimilation of these systems has opened a range of potential avenues for attackers, who can exploit the interdependencies of complex networks to create systemic failures. Not only that, but for some of these older systems, patches simply do not exist, or at best, applying them is prohibitively difficult and costly.

With both transmission and distribution networks to protect, as well as central and remote sites, the unique environment in which energy and utility companies are operating requires a higher level of visibility. More and more organizations in the energy sector are realizing the powerful role AI defense can play in their cyber security program. As the energy industry’s tools develop and increase in sophistication, so too must their cyber defenses. Relying on firewalls and antivirus alone will no longer adequately protect energy companies from targeted and stealthy attacks in both their OT and IT networks. A new, more comprehensive, AI-based approach is needed.

If it seems like the fingerprint sensor controlling access to a substation is making strange connections, cyber AI will stop that specific connection, without interrupting the entire system and preventing legitimate access to the grid for several hours. The fact that these responses are proportionate, and in real time, means that energy companies can halt in-progress threats in their tracks, preventing any damage and system downtime.

The importance of a combined approach to cyber security cannot be emphasized enough. Firewalls alone cannot protect the complex networks of energy companies, just as AI-based approaches alone, whilst providing significant defense, are still reinforced by being used in conjunction with other tools and solutions. And it’s not just technology - every employee has an important role to play when it comes to security. Implementing effective security policies and encouraging best practices among all employees, regardless of their role, goes a long way to avoiding accidental and malicious compromises.

The energy industry is generally under-prepared for the threats it is facing in the current cyber sphere, and many companies lack comprehensive visibility of their expanding digital infrastructure. Consequently, it is paramount that energy companies are protected in both their IT and OT space, are able to spot potential threats early, contain the risk, and stop it from infiltrating other parts of the network. Tackling the novelty of modern attacks amid the growing complexity of networks requires an approach to threat detection that does not rely on prior knowledge of historical threats or definitions of what ‘malicious’ looks like. An industry-wide embrace of security initiatives based on artificial intelligence will bridge the gap between supply and demand for successful security.