For the better part of the past decade, utility companies have been more concerned with the potential for outages than cyberattacks, but this has changed over the past several months. The Colonial Pipeline ransomware attack and the remote cyberattack on a Florida water treatment plant put cybersecurity top-of-mind and made it clear hackers can do real-world damage.
The Biden administration took notice earlier this year, passing its cybersecurity executive order. The administration called for several measures, including automated security strategies, continuous monitoring, and more. These are good and essential guidelines, but the question remains: what exactly can utility companies do to ensure they’re keeping their infrastructure safe and (literally) keeping their customers’ lights on?
Mounting Cybersecurity Challenges
Unfortunately, there’s no easy answer to this question, thanks to a complex set of connected circumstances. Utility companies understand they need to upgrade aging infrastructure, but many don’t have the time or budget to do so—and certainly not quickly. This challenge is compounded by the fact that much of the technology on which utilities rely is highly proprietary, with different custom protocols and regulations for each industry.
Hackers look at these issues and see low-hanging—and profitable—fruit. For example, the attackers who hacked into the Colonial Pipeline received nearly $5 million for their efforts, much of it in cryptocurrency, which is harder to trace than regular cash. No wonder ransomware attacks have increased more than 300% in the utilities and transportation industries.
Modernizing Network Monitoring
And yet, as the cyber storm continues to brew around them, there are some strategies utility companies can employ today to protect themselves. The following recommendations don’t require an immediate, extensive reworking of existing infrastructure (though this should surely be on the docket). Instead, they call for a next-generation approach to network monitoring, one capable of providing utility companies with complete visibility into their expanding and vulnerable attack surfaces, including distribution systems, Internet of Things (IoT) sensors, communications networks, and more.
Focus on the Entire Network Including Connected Devices and Sensors. The Florida water system attacker leveraged a vulnerability in software allowing remote access to the plant’s industrial control system (ICS). Meanwhile, software vulnerabilities have been discovered in millions of connected devices, including those used by utility companies.
Given these factors, it’s not enough for utilities to simply monitor their on-premises networks. They must have insight and observability into the entire network—including remote assets at the edge—and must be able to monitor every endpoint and all remote systems so they can detect anomalies across their entire infrastructure and map incidents back to their point of origin. This is the only way to effectively protect infrastructure and minimize the potential attack surface.
Set Up Intelligent Early Warning Systems. Time is one of the most critical factors when it comes to mitigating cyberattacks. The longer a hacker has access to the system, the longer their activities go without notice, and the more damage they can do. The hackers who infiltrated the Colonial Pipeline had room to roam the network for more than a week before their activities were detected.
The Colonial Pipeline incident underscores the need for early warning systems capable of automatically detecting anomalous network activity and alerting administrators to it. But the sophistication of today’s hackers demands an equally sophisticated approach to monitoring. Artificial intelligence (AI) can be used to monitor for potential intrusions, intelligently discern which activity poses a true threat to the facility, and proactively alert administrators. Having the system separate true threats from extraneous noise allows administrators to focus on what matters most. AI can also be configured to respond to threats proactively and automatically, implementing mitigation measures when a specific event occurs.
Analyze Performance Across the Entire IT Infrastructure. Cyberattacks are not the only threats capable of inhibiting utility companies’ ability to deliver high-quality service to their customers. Other events—routine network slowdowns, congestion, storage system hotspots, and, yes, network outages resulting from an attack—can all contribute to an organization’s inability to provide electricity, water, or other essential services.
Thus, it’s important for administrators to analyze performance across all aspects of their IT infrastructure, particularly when a suspected problem arises. Tracing such a problem to its source can be challenging across a vast IT infrastructure, but failing to do so can result in extended periods of downtime and further damage. Being able to simultaneously and automatically analyze performance across the network, storage, servers, applications, and more is critical to maintaining functioning and reliable service.
Preparing for the Next Threat
No one can predict the future, but we do know the number of cyberattacks against public sector utility companies will continue to grow. The Government Accountability Office said utility companies are “increasingly at risk from cyberattacks” and is encouraging preparedness.
Given the urgency and gravity of the situation, utility companies must do everything they can to protect themselves and, by extension, their customers. Yes, upgrading aging infrastructure is vitally important, but absent this, organizations can—and must—take immediate steps today to bolster their cybersecurity defenses.
—Brandon Shopp is group vice president of Product Strategy at SolarWinds.