Aging infrastructures and shifting consumer behaviours and expectations create a two-headed beast of a challenge for utilities: network visibility and security.
Each of these poses difficulties on its own - a lack of network visibility makes optimising operations and services harder, and not being cybersecure can open organisations up to dangerous, costly attacks.
Canadian energy distribution company Energy+ identified these as key challenges to address in order to stay ahead of cyber attackers and improve network security and services, and with these aims in mind sought out a solutions provider.
Ultimately, Energy+ turned to the experts at Darktrace Industrial, implementing a machine learning solution which mapped the entire network, including every user and device, on to its graphical interface with no need for tuning or system configuration.
In conversation with Andrew Tsonchev, Director of Technology at Darktrace Industrial, we discussed the outlook for cybersecurity in the energy and utilities sector, with a deep dive into how Energy+’s deployment of Darktrace Industrial led to improved security and network visibility.
Increasing cyber threats to utility sector
In Tsonchev’s experience, there has been a sudden surge in demand and interest from utilities seeking to secure their systems.
He believes this stems from the rapidly changing difficulties they face as a result of increased cybersecurity risks and evolving pressure on technology systems: “The challenges that energy companies and utilities are facing are coming to a head in a rather unique way at the moment which wasn’t the case only six months ago. They’re up against a more difficult position than they were then.”
In his eyes, the evolving partnership between Darktrace and Energy+ exemplifies that change. He says: “We’ve worked with Energy+ for a while now, and our journey with them mirrors that changing attitude towards cybersecurity in this industry.
“When we first engaged with them, we were discussing their enterprise security and their corporate systems. One of the main benefits we were trying to give them was visibility into their different systems, and after we installed our solutions and they saw the benefits, we worked with them more closely and started to address some of the issues they were having with their industrial control systems (ICS) as well.”
European outlook for cybersecurity in utilities
The concerns Energy+ had are consistent with those in utilities the world over: how do they protect against high-level threats? Tsonchev explains that traditional defenses, whilst historically effective, don’t have the capacity or intelligence to be proactive in cyber defense, and cannot deal with the sophisticated level of threat vectors now facing the power and utilities industry.
Further to this, every stakeholder in the grid is now a target. Tsonchev says: “It’s not just the largest providers that are getting targeted - regional utility providers and their small-to-medium sized energy companies are also subject to these attacks at a quite high frequency. There are lots of famous case studies where dams and small regional distribution centres are attacked.
“Every part of the complex and interconnected grid systems, internationally and nationally, is vulnerable to these attacks as part of a critical infrastructure.”
He notes that in his experience, the concerns surrounding cybersecurity are universal - the approaches and driving factors, however, may not be, and tend to revolve around the regulation and organisational structure of a region.
In Europe, for instance, he says: “Most of the work at the moment is focussed around the NIS security directive. I think it’s doing a lot of good, especially in the UK where it’s being enforced to a very rigorous degree. There’s a lot of pressure for utilities and suppliers to comply with them and put in place measures to defend their systems against cyber attacks.”
He feels this has resulted in a more proactive approach in Europe than in the US, specifically towards defending legacy control system technology, which he attributes to this regulatory pressure.
IT-OT convergence and cybersecurity
With ICS increasingly becoming the focus of cyber attacks, Energy+ extended its use of Darktrace’s solutions from its IT side into its operational technology (OT), hoping to stay ahead of increasingly sophisticated attackers.
Tsonchev feels this convergence is at the heart of current cybersecurity challenges: “The IT-OT convergences are testing distribution system operators to different degrees. Leveraging that increased convergence has enabled us to give a consolidated and standard security approach. We see again and again in this space a real desire to do that, to unify the security approach across the IT-OT systems.”
Tsonchev says: “It’s the erosions of distinctions between IT systems and OT systems that is a defining factor of the challenge in cybersecurity this year and over the next couple of years. The NIS directive draws attention to that explicitly in the way that it conceptualises the problem in terms of identifying essential services - the things that have the potential to cause critical impact at a national level if they are disrupted.”
In infrastructures such as those found in distribution companies, where no single part operates independently, Tsonchev argues that cybersecurity measures must be taken in a more holistic way to ensure the full protection of the system.
Key to keeping ahead in the ongoing battle against cyber attacks, Tsonchev argues, is to collaborate with fellow utilities and constantly seek out new ways to improve: “The part they can do is as far as possible to make sure they unify security across everything they control - cloud systems, IT, OT, and hold their suppliers to a high degree of scrutiny, and make sure they do the best they can to encourage collaboration across organisations.”
Tsonchev will be appearing in an upcoming Engerati webinar, “AI and cybersecurity - Applying machine learning to utility cyber defence”, where he will provide further insight into the opportunities of disruptive technology against cyber attacks. Register ahead of the live broadcast on Thursday 27th September to explore how intelligently curating machine learning can create more proactive cybersecurity infrastructures.