https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/footer-logo.png
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Architecture
  • Engineering/Development
  • Security
ioti.com

Energy/Utilities


Getty Images

power grid

Keeping the Energy Sector Secure Amidst Growing OT Threats

The energy sector is facing an uptick in cyberattacks. Here is some advice on how the industry can protect itself.
  • Written by Damiano Bolzoni
  • 18th June 2019

The energy sector’s information technology (IT) and operational technology (OT) systems are increasingly under attack. Used to run these utilities’ businesses and provide power to our society, these systems are seeing targeted attacks on critical systems, and it is time for this sector to find new ways to protect itself.

Thanks to the digitization of infrastructures, the traditional IT/OT operational hierarchy is flattening, precipitating a convergence of the two. This fact poses a problem — particularly for the energy sector — because conventional cybersecurity methods and mainstream IT products do not necessarily translate to industrial control system (ICS) environments.

With the growing proliferation of IoT and IIoT products, a broader threat landscape is emerging, leaving critical infrastructure extremely vulnerable to malware and other cyberattacks. Additionally, as hackers continue to employ and develop open source code and sell targeted hacker toolkits on the dark web, new compromised entry points are exposing large businesses every day.

Forrester reports that 100% of organizations now have IoT or IIoT technologies connected to their ICS networks, with an average number of four external systems involved. This connectivity creates an even more open and vulnerable environment for malicious adversaries to target critical infrastructure. With publicly available tools such as Shodan and Kamerka, hackers can not only identify unprotected control systems linked to the Internet but now have a street view of where those systems are located, potentially identifying the facility and business where those vulnerable OT endpoints reside. Throw in targeted attacked against the safety systems in critical infrastructure enabled by the Triton malware framework, and you now have a worst-case scenario incident to consider in your next cyber threat risk impact assessment.

Why is this so unnerving? Because successfully executed attacks on critical infrastructure and ICS can disrupt or destroy systems like power plants, natural gas pipelines or the electric grid. Prolonged power outages can lead to societal unrest, degrade our standard of living and cause the loss of human life. Meanwhile, without electrical power, there is no Internet, no banking, no communications—just chaos and disruption.

Utility companies are pouring trillions of dollars into upgrading the electric grid infrastructure. To maximize this ROI and maintain operational efficiency, these ICS assets and infrastructure need to be detected and monitored in real time.

That is why it’s essential for the energy sector to have in-depth device visibility into their OT/ICS networks in order to continuously and passively discover, classify and monitor these devices against threats without disrupting critical business processes.

Uncertainty acts as kryptonite for the energy sector. Accenture notes that 71% of organizations say cyberattacks are still a “bit of a black box,” meaning they don’t know when or how breaches will impact them. SANS Institute reports that 15% of organizations affected by a breach need more than a month to realize it, while 44% never identify its source.

Michael Van Chau, OT security practice lead at Accenture, sums up his insights, “Oil and gas companies have long relied on the inaccessibility of their critical infrastructure through air-gapping or other ‘old school’ forms of protection such as safety barriers, but such measures are no longer enough. For the most part in the US, these systems are no longer air gapped and each new digital application increases the company’s attack surface, leaving energy companies with a real cybersecurity dilemma: how do you balance the benefits of digital operations to enable the business while keeping the manufacturing and production sites safe and secure?”

Van Chau also reflects that “virtually every energy business has invested in comprehensive environmental, health and safety programs designed to prevent and remediate safety and environmental issues in operations. But many have not made the link between safety and cybersecurity, even though a successful cyberattack on an OT environment could result in the same level of impact. As a global leader in OT security remediation and deploying solutions that address security control gaps in the field, Accenture is helping organizations […] innovate ways to rapidly mature the cybersecurity posture of OT in their critical infrastructure.”

An enhanced network monitoring and situational awareness platform for OT/ICS in the utility and energy sector will improve both asset visibility and performance management. It can also help prevent and detect potential incidents before they damage the network.

Continuous monitoring can also help the energy sector understand their network architecture and a baseline of “normal” behavior for greater threat remediation. With this data and insight, they can better detect when systems, devices and people deviate from the baseline. This allows network administrators and OT managers to focus their time and resources on mitigating the most critical threats.

A comprehensive, intelligent OT/ICS network monitoring platform can also afford the energy sector with increased productivity and lower risk profiles. Automated incident response allows for the swift prevention of malicious access to systems and networks while improving audit compliance to boot.

IT/OT convergence means there are more security implications to consider than ever before. It’s imperative energy sector security teams possess complete situational awareness of the assets on their network and understand their operational risk profile. In just two short years, energy sector security teams have become responsible for 70% of OT security, according to Gartner. That means they need the visibility, control and flexibility to protect their firms.

With an integrated IT/OT security strategy in place and a unified device visibility and control platform at the ready, the energy sector will be well poised to establish the sort of cyber resiliency needed to create a safer, smarter grid that’s more reliable, efficient and secure.

Damiano Bolzoni is the vice president, industrial and operational technology at Forescout Technologies.

 

Tags: IIoT/Manufacturing Security Energy/Utilities Features

Related


  • IoT App Development Gets Agility Boost From Container Technologies
    IoT app development has clamored for greater agility, productivity and security. Container technologies can realize those benefits.
  • Image shows a digital background depicting innovative technologies in security systems,
    Securing IoT Devices With Zero Trust Requires Mindset Shift
    Zero-trust approaches require a shift in mindset to ensure IoT devices have rigorous security policies applied — and the work is never done, say IT pros.
  • Mixed picture
    IoT Spending Is a Mixed Picture in 2020
    While COVID-19 has forced budget cuts for some organizations, the pandemic has also driven IoT spending increases for others.  
  • An Integrated Approach to IoT Security
    This e-book provides a comprehensive framework to help organizations reduce risk in IoT products and environments.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • Building a Foundation for AI in Cybersecurity
  • COVID-19 Poised to Build a Robotic Ecosystem
  • Electric Grid Stability Assailed by Growing Challenges
  • Energy Grid Security Gets More Challenging With IoT

News

View all

Private LTE Market Projected to Grow to $13 Billion

12th January 2021

IoT World Announces 2021 IoT World Advisory Board

9th December 2020

White Papers

View all

Smart and Flexible Automotive and Tire Production

20th December 2020

Unlock the Potential of Digital Transformation in Oil & Gas

15th December 2020

Special Reports

View all

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

Webinars

View all

From Insights to Action: Best Practices for Implementing Connected Device Security

15th December 2020

Real Cyber Threats and Best Practices Cyber Security Strategy and Solutions for Smart Manufacturing

1st December 2020

Galleries

View all

Top IoT Trends to Watch in 2020

26th January 2020

Five of the Most Promising Digital Health Technologies

14th January 2020

Industry Perspectives

View all

IoT Spending Holds Firm — Tempered by Dose of ‘IoT Pragmatism’

1st December 2020

The Great IoT Connectivity Lockdown

11th May 2020

Events

View all

IoT at the Edge

17th March 2021

Embedded IoT World 2021

28th April 2021 - 29th April 2021

IoT World 2021

2nd November 2021 - 4th November 2021

Twitter

IoTWorldToday, IoTWorldSeries

Food for thought: Food and Beverage Industry eBook @ROKAutomation dlvr.it/Rqz00T https://t.co/Z3y18vuozF

20th January 2021
IoTWorldToday, IoTWorldSeries

Facility of the Future dlvr.it/Rqyzvm https://t.co/ytpsOUTtGP

20th January 2021
IoTWorldToday, IoTWorldSeries

A new day in automotive production #digitalmanufacturingsolutions @ROKAutomation dlvr.it/RqyrNS https://t.co/yxPFrBZGVg

20th January 2021
IoTWorldToday, IoTWorldSeries

Unlock the potential of digital transformation in Oil & Gas @ROKAutomation dlvr.it/RqyrBV https://t.co/kzHcGjf2OK

20th January 2021
IoTWorldToday, IoTWorldSeries

.@Airbus’s #datdriven #digitaltransformation focused on getting its existing data in order rather than just gatheri… twitter.com/i/web/status/1…

19th January 2021
IoTWorldToday, IoTWorldSeries

#EdgeNLP enables devices to do much more #NLP locally that better approximates human conversation.… twitter.com/i/web/status/1…

19th January 2021
IoTWorldToday, IoTWorldSeries

#Supplychain analytics, #digitaltwins and other tools are key to predicting COVID-19-style disruption in the supply… twitter.com/i/web/status/1…

18th January 2021
IoTWorldToday, IoTWorldSeries

At #CES2021, @verizon touts #5Gconnectivit as the key to digitization in pandemic times. But experts say there are… twitter.com/i/web/status/1…

12th January 2021

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X