UTILITIES
Leaders within the Utility Industry need to allocate attention and resources to their cyber defenses commensurate with the increased risk to their businesses.
Across the industry, many organizations share the difficult challenge of keeping ahead of attackers. Smaller organizations report significantly greater concern with their own ability to complete critical cybersecurity tasks.
Attacks now target energy infrastructure with growing severity
The new industrial revolution is transforming the way utilities do business. Rapid replacement of traditional generation with renewables, like solar and wind, combined with digital performance management, is increasingly becoming a source of competitive advantage. In a recent Siemens and Ponemon Institute report, assessment was made about the maturity of the industryâs cybersecurity practices, as well as the type and degree of the threat observed by operators in the field. They found that the level of threat to Operational Technologies (OT) has indeed increased. Attacks now target energy infrastructure with growing severity. Successful attacks can cause shutdowns to critical product system, including safety systems.Â
Meanwhile, many organizations report pain points in effectively aligning OT and Information Technologies (IT) cyber defenses. Across the energy industry, many organizations share the difficult challenge of keeping ahead of attackers, while taking advantage of digitalization. Smaller organizations reported significantly greater concern with their own ability to complete critical cybersecurity tasks. These organizations were also less confident in their ability to understand the operational implications of an attacks and take action based on those alerts.
In an effort to digitize their fleet, utilities historically viewed cyber security as an afterthought. Even when new OT assets are designed with security in mind, they are often connected to broader critical infrastructure which lacks systemic security controls. As utility executives incorporate distributed and digitally connected grid technologies into their asset portfolios, their ability to withstand a cyber-attack is limited at best.
In an effort to digitize their fleet, utilities historically viewed cyber security as an afterthought. STASHÂŪ solves utilities cyber challenges with forethought and laser focus.
According to the report, the powerful WannaCry or NotPetya attacks, which affected 25% of all respondents in the past two years, are public examples of attacks that harness expertise developed by nation-state actors. Unlike ransomware attacks seeking financial information, these attacks systematically destroyed information and shutdown operations. As utilities transform their operations into digital enterprises, the surface for cyber attacks have expanded and will likely expand further into OT. The resulting risks to an organizationâs physical assets, financial liability, and reputation are high. Utility leaders must recognize that attackers today design threats against utilities with increasing sophistication â both in terms of their destructive capabilities and their ability to identify weak points in security regimes.
“There is a pervasive lack of preparedness. Only 42 percent of respondents rated their cyber-readiness as high, and only 31 percent believed they were ready to respond to, or contain, a breach. Key factors included the technical capabilities to identify threats, understanding of risk-based best practices, compliance with regulatory regimes, and internal factors within an organization. Smaller organizations needed more time (88.5 days) than larger ones (62.6 days) to coordinate responses and prioritize recovery efforts. This was also due to shortages of experts including control engineers, security specialists, and network specialists, as well as training and coordination between them”.
– Siemens Energy
“Nearly 80% of senior IT and IT security leaders believe their organizations lack sufficient protection against cyberattacks despite increased IT security investments made in 2020 to deal with distributed IT and work-from-home challenges”.
– IDG Research Services
“A research study conducted by Deep Instinct reports on the hundreds of millions of attempted cyberattacks that occurred every day throughout 2020 showing malware increased by 358% overall and ransomware increased by 435% as compared with 2019”.
– Help Net Security
“Ransomware, phishing will remain primary risks in 2021. Attackers have doubled down on ransomware and phishing â with some tweaks â while deepfakes and disinformation will become more major threats in the future, according to a trio of threat reports”.
– DarkReading.com
Cyber Talk
"The 5 most cyber-attacked industries over the past 5 years are healthcare, manufacturing, financial services, government, and transportation. We predict that oil & gas / energy & utilities, retail, media and entertainment, legal, and education (K-12 and higher ed), will round out the top 10 industries for
2019 to 2022".
