Keeping the Energy Sector Secure in the Growing OT Threat Landscape

Keeping the Energy Sector Secure Amidst Growing OT Threats

The energy sector is facing an uptick in cyberattacks. Here is some advice on how the industry can protect itself.

Written by Damiano Bolzoni
18th June 2019

The energy sector’s information technology (IT) and operational technology (OT) systems are increasingly under attack. Used to run these utilities’ businesses and provide power to our society, these systems are seeing targeted attacks on critical systems, and it is time for this sector to find new ways to protect itself.

Thanks to the digitization of infrastructures, the traditional IT/OT operational hierarchy is flattening, precipitating a convergence of the two. This fact poses a problem — particularly for the energy sector — because conventional cybersecurity methods and mainstream IT products do not necessarily translate to industrial control system (ICS) environments.

With the growing proliferation of IoT and IIoT products, a broader threat landscape is emerging, leaving critical infrastructure extremely vulnerable to malware and other cyberattacks. Additionally, as hackers continue to employ and develop open source code and sell targeted hacker toolkits on the dark web, new compromised entry points are exposing large businesses every day.

Forrester reports that 100% of organizations now have IoT or IIoT technologies connected to their ICS networks, with an average number of four external systems involved. This connectivity creates an even more open and vulnerable environment for malicious adversaries to target critical infrastructure. With publicly available tools such as Shodan and Kamerka, hackers can not only identify unprotected control systems linked to the Internet but now have a street view of where those systems are located, potentially identifying the facility and business where those vulnerable OT endpoints reside. Throw in targeted attacked against the safety systems in critical infrastructure enabled by the Triton malware framework, and you now have a worst-case scenario incident to consider in your next cyber threat risk impact assessment.

Why is this so unnerving? Because successfully executed attacks on critical infrastructure and ICS can disrupt or destroy systems like power plants, natural gas pipelines or the electric grid. Prolonged power outages can lead to societal unrest, degrade our standard of living and cause the loss of human life. Meanwhile, without electrical power, there is no Internet, no banking, no communications—just chaos and disruption.

Utility companies are pouring trillions of dollars into upgrading the electric grid infrastructure. To maximize this ROI and maintain operational efficiency, these ICS assets and infrastructure need to be detected and monitored in real time.

That is why it’s essential for the energy sector to have in-depth device visibility into their OT/ICS networks in order to continuously and passively discover, classify and monitor these devices against threats without disrupting critical business processes.

Uncertainty acts as kryptonite for the energy sector. Accenture notes that 71% of organizations say cyberattacks are still a “bit of a black box,” meaning they don’t know when or how breaches will impact them. SANS Institute reports that 15% of organizations affected by a breach need more than a month to realize it, while 44% never identify its source.

Michael Van Chau, OT security practice lead at Accenture, sums up his insights, “Oil and gas companies have long relied on the inaccessibility of their critical infrastructure through air-gapping or other ‘old school’ forms of protection such as safety barriers, but such measures are no longer enough. For the most part in the US, these systems are no longer air gapped and each new digital application increases the company’s attack surface, leaving energy companies with a real cybersecurity dilemma: how do you balance the benefits of digital operations to enable the business while keeping the manufacturing and production sites safe and secure?”

Van Chau also reflects that “virtually every energy business has invested in comprehensive environmental, health and safety programs designed to prevent and remediate safety and environmental issues in operations. But many have not made the link between safety and cybersecurity, even though a successful cyberattack on an OT environment could result in the same level of impact. As a global leader in OT security remediation and deploying solutions that address security control gaps in the field, Accenture is helping organizations […] innovate ways to rapidly mature the cybersecurity posture of OT in their critical infrastructure.”

An enhanced network monitoring and situational awareness platform for OT/ICS in the utility and energy sector will improve both asset visibility and performance management. It can also help prevent and detect potential incidents before they damage the network.

Continuous monitoring can also help the energy sector understand their network architecture and a baseline of “normal” behavior for greater threat remediation. With this data and insight, they can better detect when systems, devices and people deviate from the baseline. This allows network administrators and OT managers to focus their time and resources on mitigating the most critical threats.

A comprehensive, intelligent OT/ICS network monitoring platform can also afford the energy sector with increased productivity and lower risk profiles. Automated incident response allows for the swift prevention of malicious access to systems and networks while improving audit compliance to boot.

IT/OT convergence means there are more security implications to consider than ever before. It’s imperative energy sector security teams possess complete situational awareness of the assets on their network and understand their operational risk profile. In just two short years, energy sector security teams have become responsible for 70% of OT security, according to Gartner. That means they need the visibility, control and flexibility to protect their firms.

With an integrated IT/OT security strategy in place and a unified device visibility and control platform at the ready, the energy sector will be well poised to establish the sort of cyber resiliency needed to create a safer, smarter grid that’s more reliable, efficient and secure.

Damiano Bolzoni is the vice president, industrial and operational technology at Forescout Technologies.