Energy-grid security gets more challenging with IoT
Today, IoT networks in the power utilities sector are besieged by myriad security threats. These assaults come from an assortment of malicious sources and target virtually every element of grid-based operations. And by their nature, the complex and wide-reaching networks that deliver power to billions of endpoints are perhaps among the most vulnerable. If that sounds dangerous, it should.
Grid operators are well aware of the perils that could disrupt their network operations and the reams of data they collect daily. Regardless of your enterprise’s vertical, if your infrastructure includes an IoT network, the challenges of securing it are usually exponentially greater than those associated with securing a traditional networked environment.
In a Siemens and the Ponemon Institute survey on utilities and cyberthreats 64% of responding utilities cited “sophisticated attacks” as a top challenge for their operational infrastructure. More than half of the respondents — 54% — glumly predicted that they expected “an attack on critical infrastructure” within 12 months.
The 1,700-plus respondents had good reason for their concern and pessimism: 56% said their organizations had suffered at least one attack in the past 12 months that resulted in a loss of private data or that created an outage. Adding to their uneasiness is the estimate that 30% of cyberattacks on operational technology (OT) go undetected.
Yet another survey by 451 Research bolsters the premise that security is front of mind for utilities. Asked what they consider the biggest challenges related to deploying IoT technology, 42% ranked security concerns No. 1.
Energy Sector Is More Threatened Than Ever
Various developments have turned energy environments into security minefields and are directly related to the changing nature and growing sophistication of utilities’ IoT-enabled grids.
“We see not just IoT but IIoT as presenting challenges for what was the traditional conceptual approach to thinking about cybersecurity, which was the concept of having a perimeter — and if you secured the perimeter and you did everything you could to make that as hard and robust and resilient as possible, then you were confident that your assets and your data inside of that network were protected,” noted Christine Hertzog, a principal technical leader focused on cybersecurity at the Electric Power Research Institute (EPRI).
But the concept of creating a secure network perimeter has lost relevance for energy utilities and other organizations, given the rise of IoT connectivity, remote working and other factors.
Grids also have a greater reach than just a few years ago, so they connect to more devices, partners and customers to both provide power and share data. These capabilities increase vulnerability, or what information security professionals refer to as a wider “attack surface.”
“Five, ten years ago, you had a network that was not really instrumented with any digital devices, so it was all static and physical security was really all they’re worried about,” said Mike Kelly, senior research analyst at Guidehouse. “But when you have billions of devices — whether on the power lines, at the substation, in the homes — you essentially have this entirely new network of devices that are vulnerable to attack.”
To read the complete article, visit IoT World Today.