
Balancing Security and Electricity Production in the 'Cyber Utility of the Future'

Feb. 3, 2020
The entire utility must learn to work together to face cybersecurity challenges in effective ways

In the generation and transmission world, success is measured by production: delivering megawatts of electricity, in specific amounts, within a specific timeframe. In cybersecurity, success is measured by the swift identification of threats, reduction of risk, and remediation after an incident. In the United States, utilities must also comply with the North American Electric Reliability Corporation Critical Infrastructure Protection standards (NERC-CIP).

The tension between these two mandates, coupled with the imperative of maintaining safety and reliability, has kept cybersecurity from gaining ground in our industry. Leadership may avoid tactics that interrupt production or affect compliance. Furthermore, many utilities have limited communication between the site leadership that manages operational technology (OT) and the information technology (IT) security teams.

Enter: the Cyber Utility of the Future. Here, the whole organization works together to face cybersecurity challenges in effective new ways:

  • Organizational resolve: trust and communication between generation and transmission sites (OT), traditional IT and information security
  • Environmental confidence: an accurate view of the entire production space with security considerations at all phases of an asset’s lifecycle
  • Attack surface hardening: iterative, standardized security tactics that protect assets without impeding productivity
  • Activity awareness: constant monitoring for security threats to inform an appropriate response while maintaining production and compliance with NERC-CIP regulations for OT systems
  • Cyber preparedness: testing, training and enterprise-level triaging for threat detection, recovery and business continuity

Organizational Resolve

The Cyber Utility of the Future brings cybersecurity and site leadership together under a common vision to discuss threats, vulnerabilities, risks and cyber remediation activities. In this increasingly interconnected and operationally complex environment, cybersecurity is everyone's responsibility. Therefore, cyber training and awareness extend to all site employees, and the governance team speaks with one voice to executive leadership through reporting and standardized metrics.

Environmental Confidence

If you are waiting to act until you are notified of a breach, it is too late. The Cyber Utility of the Future has full visibility of its security environment. This includes every device that directly interacts with the generation and transmission systems, and every risk posed by vendor contractors, remote access services and production dependencies on external services. Staff track devices from procurement to disposal, so that asset introductions and removals are always known. They are supported by mitigation plans that follow cyber best practices and by remediation activities owned at the appropriate management level.

One critical component of environmental confidence is threat intelligence, put to work through threat hunting. Employing automated tools, artificial intelligence (AI) and human analysts, it goes beyond basic perimeter defense and endpoint data to find malicious activity across an organization's entire infrastructure, including activity by advanced threat actors that stays below its alert thresholds.

Threat intelligence can help the Cyber Utility of the Future reduce dwell time and false positives, identify previously unseen threats at scale and free up its security team's time for other tasks. And it is an area that is continuously evolving. Booz Allen's Threat Intelligence, for example, uses experienced threat hunters who know how to think like the enemy. Their efforts are backed by an AI library that surfaces behaviors that would typically escape human detection, and each "hunt" produces new rules and anomaly detection analytics that reduce false positives over time.

Attack Surface Hardening

The Cyber Utility of the Future has a combination of hardening solutions available to ensure security and accountability — without disturbing productivity or production:

  • Asset grouping and network segmentation to limit vulnerabilities and threat actors to a portion of the network
  • A standardized approach to platform security — for example, applying configuration hardening requirements (such as patching and port disabling) to each control system asset based on a predetermined risk ranking
  • Access management for utility control systems, such as secure processes for remote access, centralized management of user accounts and unique user identifications
  • Baseline analyses, coupled with continuous tracking and reporting, to detect and remediate security flaws
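The second and fourth bullets above, taken together, describe a baseline configuration check: each control system asset carries a risk ranking, the ranking determines which hardening requirements apply, and the asset's observed state is compared against its approved baseline on a recurring basis. The script below is an added example, not code from the article or from any utility or vendor named in it. The risk ranks, the per-rank requirements (forbidden ports, maximum patch lag), the asset identifiers and the "observations" are all constructed for illustration; in practice the observation would come from a passive inventory tool or an approved scan, never an ad-hoc probe of a live control network.

```python
"""Baseline configuration drift check for control-system assets (added example).

Assumptions (not from the article): a risk rank per asset, a per-rank table of
hardening requirements, an approved baseline per asset, and an observed state
collected elsewhere. All identifiers and data below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict, List, Set

# Hypothetical hardening requirements per risk rank. Each rank lists TCP ports
# that must never be exposed and the maximum number of days an asset may lag
# behind the approved patch set.
REQUIREMENTS = {
    "high":   {"forbidden_ports": {21, 23, 80, 445, 3389}, "max_patch_lag_days": 35},
    "medium": {"forbidden_ports": {21, 23, 445},           "max_patch_lag_days": 60},
    "low":    {"forbidden_ports": {23},                    "max_patch_lag_days": 90},
}


@dataclass(frozen=True)
class Baseline:
    asset_id: str
    risk_rank: str
    approved_ports: Set[int]
    approved_patch_level: str   # e.g. "2020-01", the approved patch set label


@dataclass(frozen=True)
class Observation:
    asset_id: str
    open_ports: Set[int]
    patch_level: str
    patch_lag_days: int         # days since the approved patch set was released


@dataclass(frozen=True)
class Finding:
    asset_id: str
    severity: str               # "high", "medium" or "low"
    detail: str


def check_asset(baseline: Baseline, observed: Observation) -> List[Finding]:
    """Compare one asset's observed state against its baseline and the hardening
    requirements for its risk rank. Findings come back in a fixed order so that
    successive reports can be diffed."""
    req = REQUIREMENTS[baseline.risk_rank]
    aid = baseline.asset_id
    findings: List[Finding] = []

    # 1. The baseline itself must satisfy the rank's requirements: an approved
    #    port that the rank forbids is an exception that needs documenting.
    for port in sorted(baseline.approved_ports & req["forbidden_ports"]):
        findings.append(Finding(aid, "high",
            f"baseline approves port {port}, which rank '{baseline.risk_rank}' forbids"))

    # 2. Ports listening that the baseline does not approve (drift). Severity is
    #    raised when the port is outright forbidden for this rank.
    for port in sorted(observed.open_ports - baseline.approved_ports):
        sev = "high" if port in req["forbidden_ports"] else "medium"
        findings.append(Finding(aid, sev, f"port {port} listening but not in baseline"))

    # 3. Approved ports that are no longer listening: also drift, since any
    #    silent change on a control asset is worth investigating.
    for port in sorted(baseline.approved_ports - observed.open_ports):
        findings.append(Finding(aid, "low", f"approved port {port} not listening"))

    # 4. Patch status: a label mismatch is drift; exceeding the rank's allowed
    #    lag is a hardening failure.
    if observed.patch_level != baseline.approved_patch_level:
        findings.append(Finding(aid, "medium",
            f"patch level {observed.patch_level} differs from approved {baseline.approved_patch_level}"))
    if observed.patch_lag_days > req["max_patch_lag_days"]:
        findings.append(Finding(aid, "high",
            f"{observed.patch_lag_days} days behind patch set exceeds "
            f"{req['max_patch_lag_days']} allowed for rank '{baseline.risk_rank}'"))
    return findings


def run_baseline_check(baselines: List[Baseline],
                       observations: List[Observation]) -> Dict[str, List[Finding]]:
    """Check every baselined asset. A baselined asset with no observation, or an
    observed asset with no baseline, is itself a high finding: in both cases the
    inventory and the network disagree."""
    by_id = {o.asset_id: o for o in observations}
    report: Dict[str, List[Finding]] = {}
    for b in baselines:
        obs = by_id.get(b.asset_id)
        if obs is None:
            report[b.asset_id] = [Finding(b.asset_id, "high",
                                          "no observation collected for baselined asset")]
        else:
            report[b.asset_id] = check_asset(b, obs)
    for aid in sorted(set(by_id) - {b.asset_id for b in baselines}):
        report[aid] = [Finding(aid, "high", "asset observed but not in baseline inventory")]
    return report


# Constructed sample inventory and observations (not real assets).
BASELINES = [
    Baseline("RTU-07",  "high",   {22, 502},        "2020-01"),
    Baseline("HMI-02",  "medium", {443, 445, 3389}, "2019-12"),
    Baseline("HIST-01", "low",    {443, 1433},      "2019-12"),
]
OBSERVATIONS = [
    Observation("RTU-07", {22, 23, 502}, "2020-01", 10),    # telnet appeared
    Observation("HMI-02", {443, 3389},   "2019-10", 75),    # SMB gone, patches stale
    Observation("ENG-99", {22, 445},     "2019-06", 200),   # unknown device
]

if __name__ == "__main__":
    for asset_id, findings in run_baseline_check(BASELINES, OBSERVATIONS).items():
        for f in findings:
            print(f"{f.severity:6} {asset_id:8} {f.detail}")
```

Two points are worth noting for a utility applying this. First, step 1 flags the baseline itself, not just the asset: a baseline that approves a forbidden service is a documented exception that the risk ranking should force into view, rather than something that disappears into the approved state. Second, the check reports in both directions, so a service that quietly stops listening on an asset shows up alongside one that quietly starts; on the constructed data above, RTU-07 yields one high finding, HMI-02 four, and the two inventory mismatches one each.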

Activity Awareness

Generation and transmission operations must achieve full environmental visibility with a minimal impact on production. The Cyber Utility of the Future achieves this balance through centralized threat detection and response that maintains the autonomy necessary for production and compliance with NERC-CIP requirements.

Real-time threat detection tools span the utility IT and OT network, identifying threats and sending event notifications to a centralized location. Here, expert analysts can review events to determine the potential impact and establish appropriate actions. 

Cyber Preparedness

The Cyber Utility of the Future takes a top-down approach to containing front-line threats. Generation and transmission operations employ security-educated personnel, regularly test security controls and practice cyber incident response processes together with the IT and information security teams.

They use their visibility of the utility production environment to create custom-tailored playbooks that define responsibilities, escalation protocols and tactical response. A disaster planning team identifies each site’s business continuity and disaster recovery needs and integrates them with the recovery needs of the entire utility. This creates a global capability for business continuity and disaster recovery that sequences recovery efforts through enterprise-level triaging.

Two Use Cases

How can organizations apply the Cyber Utility of the Future approach to their operations?

For compliance or audit readiness:

  • Implement standardized processes and workflows
  • Manage these processes and workflows through a system of record. This enforces and documents compliance
  • Automate the collection and management of evidence to simplify and expedite audit response

For increasing visibility into cyber infrastructure:

  • Establish continuous monitoring capabilities in operational networks. This provides greater awareness of threats and business risks
  • Consolidate security tool feeds into your security information and event management (SIEM) system. This preserves business autonomy while elevating visibility to the enterprise level across all lines of business, improving threat detection and remediation. Utilities then no longer have to wait for an operational impact to learn where a breach is

Conclusion

Even in an increasingly complex operating environment, it is possible to balance the unique requirements of electricity production with escalating cybersecurity demands.        
