Utility Week - authoritative, impartial and essential reading for senior people within utilities, regulators and government
Issue link: https://fhpublishing.uberflip.com/i/729726
UTILITY WEEK | 23rd - 30th September 2016 | 25

Operations & Assets

Market view

As the energy industry increasingly moves towards automation and connected services, it is attracting the attention of hackers. These threat actors are looking to cause widespread disruption, meaning the pressure is on to defend this arm of critical infrastructure.

Cyber-security incidents are escalating in volume and complexity. While still new to the age of connectivity, the energy industry is becoming increasingly aware of cyber-security threats and the need for standardised, effective solutions to combat them.

The energy that utilities provide serves as the lifeblood of a functioning modern society. But the facts speak for themselves: a report by the European Union Agency for Network and Information Security (ENISA) on the Cost of Incidents affecting CIIs (Critical Information Infrastructures) found that the energy sector, alongside the finance and ICT sectors, has the highest incident costs – and these attacks are on the rise.

Where vulnerabilities lie

Now that cyber security is a top-of-mind concern, utility stakeholders are mimicking their IT peers and seeking ways to strengthen their infrastructure security. Just look inside the industry's substations, where proprietary devices once considered for specialised applications are now being scrutinised for vulnerabilities. After all, the sensitive information found there (such as online documentation that describes how these devices work) can be accessed via the internet by anyone, including those with malicious intent.

Electrical substations today are characterised by different mixes of information technology (IT) and operational technology (OT). Operational technology is defined as the automation and control systems and components that monitor, measure and protect critical infrastructure.

There are many ways to access computer systems.
The number has increased dramatically now that employees commonly use mobile devices or USB keys to connect. With so many devices in play, the chances of malicious software invading these systems increase. This could cause a utility's control system or network to go down and damage substation systems that control the grid – affecting not only a business, but also the economy and security of a country or region.

To address this problem, many substation automation vendors have tried the bolt-on security approach, keeping cyber security functionally separate from non-secured OT devices and building a layer of security around them. This approach may allow for a layer of access control and monitoring, but once the initial layer is breached, devices remain vulnerable.

While bolt-on solutions allow for a fast implementation to reduce the risk of a cyber attack on OT devices, substation asset managers should consider upgrading their OT devices during their lifecycle to newer devices containing built-in cyber-security functions.

The seven pillars

To help prevent system unavailability and quickly recover from a security incident, it is essential to have a robust cyber-security programme in place. An integrated cyber-security solution designed for critical infrastructures allows users to increase the safety, availability and reliability of industrial control systems. The seven steps below should form the key elements of any utility company's security plan:

1. Identify critical cyber assets
Identify the assets that are essential to operations and ensure that there are up-to-date back-ups of these, which allow for quick recovery in the case of loss or failure.

2. Minimise access to the most sensitive information
Partition the sensitive data inside communication pipes. Sometimes wide area networks (WANs) are used for multiple purposes, such as internet protocol (IP) telephony, CCTV, teleprotection, and supervisory control and data acquisition (SCADA).
Segment and use quality of service to preserve critical functions according to priority.

3. Control user access
Restrict users' electronic and physical access to prevent unauthorised access of confidential and critical company information.

4. Implement patch management policies
Eliminate known security vulnerabilities by implementing a system that monitors and applies software patches.

5. Prevent malicious software attacks
Protect against malicious programmes using application whitelisting, which allows only authorised applications and services to run on a computer.

6. Develop a disaster recovery and response plan
Ensure processes, policies and procedures are in place to recover critical technology infrastructure in the event of a breach.

7. Monitor cyber systems for attacks
Monitor systems continuously for signs of attack, such as failed logins and account deletion and creation, and ensure an alert system is in place for reporting any attacks.

Implementing these strategies is critical for protection. However, given the proliferation of cyber-security breaches across industries in recent years, many experts believe it is no longer a question of if, but when, a company will experience a breach.

With this in mind, utilities also need to deploy the proper recovery tools and processes to supplement the cyber-security protection technologies put in place. Not only will this mitigate the damage to systems, it also minimises the substantial damage that can be done, in terms of financial impact, and brand value and reputation – some of today's biggest differentiators.

John Langley-Davis, product marketing manager – energy, Schneider Electric

Seven pillars of cyber defence
The energy sector's critical infrastructure has been identified as among the top global targets for hackers, so John Langley-Davis offers seven pillars of cyber defence to consider in a security plan.
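Pillar 7 names failed logins and account creation and deletion as signs of attack to monitor and alert on. The following is an added example, not part of the original article: a small Python detector run over constructed log lines in an ISO-timestamped Linux auth-log style. The host name, addresses, account names, log layout and thresholds are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (assumed auth-log layout; not taken from the article).
SAMPLE_LOG = """\
2016-09-23T02:14:01 hmi-gw sshd[811]: Failed password for operator from 10.20.0.57 port 50112 ssh2
2016-09-23T02:14:09 hmi-gw sshd[811]: Failed password for operator from 10.20.0.57 port 50112 ssh2
2016-09-23T02:14:20 hmi-gw sshd[813]: Failed password for invalid user admin from 10.20.0.57 port 50120 ssh2
2016-09-23T02:20:45 hmi-gw sshd[820]: Accepted password for operator from 10.20.0.12 port 40022 ssh2
2016-09-23T02:31:02 hmi-gw useradd[902]: new user: name=svc_tmp, UID=1004, GID=1004, home=/home/svc_tmp, shell=/bin/bash
2016-09-23T02:58:40 hmi-gw userdel[951]: delete user 'svc_tmp'
2016-09-23T09:05:11 hmi-gw sshd[1200]: Failed password for engineer from 10.20.0.12 port 41000 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")
CREATED = re.compile(r"useradd\[\d+\]: new user: name=([^,\s]+)")
DELETED = re.compile(r"userdel\[\d+\]: delete user '([^']+)'")

def detect(log_text, max_failures=3, window=timedelta(minutes=5)):
    """Return (timestamp, kind, detail) alerts for the signs named in pillar 7."""
    alerts = []
    recent = defaultdict(list)  # source address -> timestamps of recent failures
    for line in log_text.splitlines():
        stamp, _, rest = line.partition(" ")
        try:
            ts = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # skip blank lines and lines without a parseable timestamp
        if m := FAILED.search(rest):
            src = m.group(2)
            hits = [t for t in recent[src] if ts - t <= window] + [ts]
            recent[src] = hits
            if len(hits) >= max_failures:
                alerts.append((ts, "failed-login-burst", src))
                recent[src] = []  # re-arm so a sustained burst alerts again
        elif m := CREATED.search(rest):
            alerts.append((ts, "account-created", m.group(1)))
        elif m := DELETED.search(rest):
            alerts.append((ts, "account-deleted", m.group(1)))
    return alerts

if __name__ == "__main__":
    for ts, kind, detail in detect(SAMPLE_LOG):
        print(ts.isoformat(), kind, detail)
```

An isolated failed login, such as the last sample line, stays below the threshold and raises no alert, while every account creation or deletion is reported.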