Keeping industry cybersecure while embracing digitalisation

In an article by cybersecurity expert Andrew Tsonchev, Director of Technology for Darktrace Industrial, we learn about the evolution of cybersecurity and the demands of modern utility infrastructure.
Published: Thu 09 Aug 2018

There’s no doubt that digital interconnectivity is bringing huge benefits to the energy sector. The ability to observe and respond to data in real time cuts costs and lowers waste and emissions.

The British National Grid is already hoping to meet 50% of grid balancing requirements by 2030 purely through real-time adjustments to supply and demand using smart technology.

As global energy demand will continue to rise for the foreseeable future, maximizing efficiency and savings will prove critical. In addition, non-traditional IT, or the Internet of Things (IoT), is greatly improving customer experience.

Smart meters, for example, provide previously inconceivable amounts of data and control to both consumers and organizations. The utilities market for IoT devices is expected to reach $12bn by 2020. Customers, competitors, and shareholders will leave providers little choice but to engage with these new technologies, or risk getting left behind.

These technological changes also bring certain negatives, primarily through the vastly increased cyber-risk of a highly interconnected utilities system. Traditionally, critical national infrastructure has relied on industrial networks which were kept separate from corporate networks, providing a greater measure of security.

IT-OT convergence and cybersecurity

However, the increasing convergence of operational technology (OT) and IT systems, driven by economic and competitive pressures within the market, has left industrial networks more susceptible to the types of cyber-attack more typically associated with corporate networks.

The challenge is amplified by the unique nature of OT systems. As they are custom built, often evolving over many years in a piecemeal manner, they pose a problem that traditional security tools are ill-equipped to handle. Coupled with the increased adoption of IoT devices, it is clear that the traditional OT environment has become considerably more diverse and complex to manage.

In short, cyber-threats have rapidly emerged as one of the greatest challenges for energy companies. The sector is uniquely exposed to cyber-attack, and, beyond economic costs, the potential for human and environmental destruction is unparalleled.

The sector is of particular interest to state-sponsored hacking groups which often pose the most complex and dangerous threat. The US Department of Homeland Security recently confirmed that Russia compromised several of the country’s utility companies in 2016 and 2017.

Concerningly, these hacks put the attackers in a position to actively take control of the systems. The scale and significance of the breaches witnessed in the last few years alone demonstrates that legacy models, such as perimeter security and rule-based solutions, are insufficient for cyber defense.

The majority of security incidents emerge from within the organization – especially from the connected corporate networks. People, whether through error or malicious intent, will always be the weakest link in the network.

In the US utilities hacks, access was gained via trusted vendors, using real employee details. This insider threat is extremely difficult for legacy approaches to deal with.

AI for cybersecurity

Darktrace Industrial is a cyber artificial intelligence (AI) defense technology designed specifically to detect subtle and unseen cyber-threats which often go undetected by more traditional methods. Indeed, the question of protecting the energy industry has always been at the core of our business – our very first customer was Drax Power.

Darktrace Industrial is unique in its approach to the question of cyber defense, using machine learning to detect and respond to cyber-threats that evade firewall and rule-based technologies, which rely on identifying previously-seen threats.

Due to its self-learning approach, Darktrace technology is always vendor and protocol agnostic, specifically tailored to its environment, meaning it can detect anomalous behavior regardless of its source. It is uniquely capable of responding to both insider threats and external threats, as well as zero-day attacks. Consequently, unlike traditional approaches, it is equally effective when securing the more unusual and distinct systems used in OT.

By passively monitoring network traffic across OT and IT, Darktrace Industrial automatically models the normal ‘pattern of life’ for each user, device and controller in the system. This unsupervised machine learning allows it to identify any potential issue or threat within seconds – before it is able to cause harm or develop into a crisis.
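As an added illustration of the per-device baseline idea described above (this is not Darktrace's code or method, and the device names, services and flow records are constructed for the example): each destination device's "normal" is modelled as the peer/service pairs seen during a learning period, and later flows are scored by how many elements are novel.

```python
from collections import defaultdict

# Constructed baseline flows (source, destination, service); hypothetical device names.
BASELINE_FLOWS = [
    ("hmi-01", "plc-07", "modbus/502"),
    ("hmi-01", "plc-07", "modbus/502"),
    ("hmi-02", "plc-07", "modbus/502"),
    ("historian", "plc-07", "modbus/502"),
    ("hmi-01", "plc-08", "modbus/502"),
    ("eng-ws", "plc-08", "s7/102"),
]

def build_profiles(flows):
    """Model each destination device's normal behaviour as the (peer, service)
    pairs it was seen with during the learning period, with occurrence counts."""
    profiles = defaultdict(lambda: defaultdict(int))
    for src, dst, svc in flows:
        profiles[dst][(src, svc)] += 1
    return profiles

def score_flow(profiles, flow):
    """Score how far one flow departs from the destination's baseline.
    0 = seen before; 1 = one novel element; 2 = peer and service both novel,
    or the destination was never modelled at all. Returns (score, reasons)."""
    src, dst, svc = flow
    profile = profiles.get(dst)  # .get() does not create an empty profile
    if profile is None:
        return 2, [f"{dst} has no learned baseline"]
    known_peers = {p for p, _ in profile}
    known_svcs = {s for _, s in profile}
    score, reasons = 0, []
    if src not in known_peers:
        score += 1
        reasons.append(f"{src} has never talked to {dst}")
    if svc not in known_svcs:
        score += 1
        reasons.append(f"{dst} has never been accessed over {svc}")
    if score == 0 and (src, svc) not in profile:
        score, reasons = 1, [f"{src} and {svc} are known for {dst}, but not together"]
    return score, reasons

def flag_anomalies(profiles, flows, threshold=1):
    """Return (flow, score, reasons) for every flow whose score meets the threshold."""
    flagged = []
    for flow in flows:
        score, reasons = score_flow(profiles, flow)
        if score >= threshold:
            flagged.append((flow, score, reasons))
    return flagged
```

A corporate laptop reaching a PLC over a service the PLC has never served scores 2, while a known historian using a new protocol scores 1; a real system would also weight counts, timing and volume rather than presence alone.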

When it comes to critical national infrastructure, it is understandable, even responsible, that many organizations have been hesitant to fully exploit the opportunities afforded by digitalization, IoT, and increased connectivity.

By using technology that starts working immediately, utilities can provide cyber security that allows them to focus on maximizing the efficiency, value and competitiveness of their services.