Cybersecurity risks can occur daily, taking multiple forms. While there are personal measures that the general population can do to eliminate some of these risks, power utility companies must take a more aggressive approach to keep the communities they serve safe and their security unquestioned.
Should a power utility company face a cyberattack, it could potentially lead to shutdowns leaving countless people without electricity, or put its customers at risk of hackers gaining access to sensitive personal data.
We’ve seen first-hand how a population can suffer from an unstable power grid after roughly 20 million Texans were left without electricity in the powerful February 2021 Winter Storm Uri. Utilities were left in a dreadfully vulnerable position, with the power grid extremely strained.
That’s not to mention the material shortages that have impacted supply chains responsible for necessary services and goods that provide residents with safe and reliable energy. It has created production interruptions, while the demand has exceeded the available supply, putting a strain on supplies that utility companies use daily.
As we enter the autumn months of the year, we’re considering what kind of weather we should anticipate for the winter season. With one that’s expected to bring record-breaking cold temperatures in some areas, it’s not surprising for people to be scared of another nightmare scenario when it comes to their energy supply. No one wants to be left without power or clean water.
On another note, it was just a few short years ago when a malware attack on the utility sector inflicted damage by sending fraudulent emails that looked like they came from the National Council of Examiners. At that time, hackers organized and performed an attack that contained malicious macros. There was also a ransomware attack that led to the Colonial Pipeline Company having to shut down its pipeline system for several days. In this instance, the attack disrupted operations in a big way, as the 5,500-mile-long system carried 3 million barrels of fuel between Texas and New York each day. The occurrence was deemed a national security threat and declared a state of emergency.
These are just a few examples that show the clear vulnerabilities power utilities face. We know there is damage that can come to an energy sector when there is a disruption to the power grid’s operations – even more so for smaller, more vulnerable electricity providers. In addition to the danger it can pose for consumers, these threats can also directly impact our economy. There is now no doubt that protecting the energy sector has never been more important, yet there is no company that is immune to an attack. It’s simply not possible to protect critical energy infrastructure with outdated software and protocols. Utility companies today should make the decision to upgrade now to ensure the power grid and the population it serves are protected.
The best way public utilities can safeguard business and their customers is by mitigating risks where it is at all possible. Utilities are inherently more vulnerable to malware attacks when there are supply chain disruptions. During a time like this, if a company must make the choice to provide service with less-than-ideal equipment and a smaller support team, it can create an environment where there simply isn’t enough focus on cybersecurity threats. This is especially concerning upon looking at a cybersecurity intelligence report that showed an astonishing 95% of cybersecurity breaches are typically caused by human error.
Knocking Out the Risks
A next-generation artificial intelligence-fueled cybersecurity platform that utilizes a holistic approach can allow power utility companies to develop successful and dependable cybersecurity programs that will recognize and safeguard critical assets while remaining compliant with federal regulations. These would include irreproachable critical infrastructure protection (CIP) management, cyberdata collection in real-time, monitoring of cybersecurity threats and audit readiness for utilities. It can also provide records that are more readily available, better access to information that’s critical and reduced data errors, all while being rapidly deployed and implemented into a company’s existing operations.
Essentially, this will ensure all the cyberdoors are locked and monitored every second of the day. This cloud-based managed security service is specifically designed for utilities, with continuous cyberthreat vigilance and comprehensive remediate guidance. Not only does it decipher and provide an alert if any type of cybersecurity threat is detected, but it will do the same if there is any detection of malware or viruses. Managers can execute thorough evaluations of servers, laptops and smartphones, control systems and other connected devices.
Shining a Light on the Shadows
Securing our energy sources is an urgent necessity because hackers are always waiting in the shadows, ready to pounce at the first sign of vulnerability. It’s vitally important for energy customers to know that their information and well-being are the utmost priority. This can be done with the implementation of an end-to-end solution that protects all of the organization, while also having a keen eye on any vulnerabilities within all applications and operating systems.
—Robert Nawy is CEO of IPKeys Cyber Partners, provider of an industry-leading, secure OT/IT intelligence platform that addresses the complex cybersecurity, data, and critical infrastructure protection challenges faced by operators of mission-critical networks for customers in the energy, government, public safety communications and industrial markets.