The US electrical grid remains alarmingly vulnerable to a variety of cyber threats. Judging by the number and type of cyber incidents reported to the U.S. Department of Homeland Security (DHS), hackers appear to be stepping up efforts to access or otherwise harm the electrical grid.
During fiscal year 2014, DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) responded to 245 cyber incidents targeting various companies’ industrial control systems, according to a bulletin released in March 2015. In the energy sector, which reported the most incidents, industrial control systems monitor and control nuclear power facilities, wastewater collection and treatment plants, oil and gas pipelines, and the generation, transmission, and distribution of electricity.
According to a report by The Wall Street Journal, the cyber incidents that energy and other sectors reported encompassed a wide range of attacks, including unauthorized access to Internet-facing industrial control and SCADA (supervisory control and data acquisition) devices, exploitation of zero-day vulnerabilities in those devices, malware, and network scanning and probing.
Experts cite the following major focus areas for electric utilities:
Balance compliance and risk. Protecting the bulk electric system (BES) from known cyber threats and risks requires business leaders to have sufficient understanding of the threat landscape and their risk profile to make sound decisions about the structure and purpose of the cyber risk program and related investments.
Integration into BES operations. IT security should not be an afterthought in the BES environment or simply comprise a set of technology-based controls. It should be an integral part of design, operations, and ongoing maintenance. Utilities should scrutinize which employees (and potentially third parties) have access to BES-related resources and confirm that only those individuals who absolutely need access have it. They should also implement a disciplined process for upgrading BES devices that includes careful change management controls and pre-tested configuration standards.
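The access-scrutiny step above is, in practice, a periodic reconciliation of who holds access against who has been approved to hold it. The following is an added example, not code from the original article or from any utility's own tooling: it takes a constructed list of accounts that currently have access to BES-related resources and a constructed roster of approvals, and reports which grants have no approval at all (candidates for removal) and which have an approval older than an assumed 90-day review interval (candidates for re-approval). Resource names, account names, dates and the interval are all hypothetical.

```python
"""Periodic access review for BES-related resources (added example).

Reconciles current access grants against recorded approvals. Account and
resource names, dates and the review interval are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date, timedelta

REVIEW_INTERVAL = timedelta(days=90)  # assumed policy: re-approve access quarterly


@dataclass(frozen=True)
class Grant:
    """An account that can currently reach a BES-related resource."""
    account: str
    resource: str
    third_party: bool = False  # vendor / contractor accounts get called out separately


@dataclass(frozen=True)
class Approval:
    """A recorded decision that an account needs a resource, and when it was made."""
    account: str
    resource: str
    justification: str
    approved_on: date


def review_access(grants, approvals, today):
    """Return (revoke, reapprove).

    revoke:    grants nobody has approved; by the "only those who absolutely
               need access" rule these should be removed, not kept by default.
    reapprove: grants whose approval is older than REVIEW_INTERVAL and must be
               re-justified by the resource owner before they stay.
    """
    by_key = {(a.account, a.resource): a for a in approvals}
    revoke, reapprove = [], []
    for g in grants:
        approval = by_key.get((g.account, g.resource))
        if approval is None:
            revoke.append(g)
        elif today - approval.approved_on > REVIEW_INTERVAL:
            reapprove.append(g)
    return revoke, reapprove


def format_report(revoke, reapprove):
    """Human-readable lines for the review ticket; third-party accounts are flagged."""
    lines = []
    for g in revoke:
        tag = " [third party]" if g.third_party else ""
        lines.append(f"REVOKE    {g.account} -> {g.resource}{tag} (no approval on file)")
    for g in reapprove:
        lines.append(f"REAPPROVE {g.account} -> {g.resource} (approval older than "
                     f"{REVIEW_INTERVAL.days} days)")
    return lines


# Constructed sample data (not from any real utility)
GRANTS = [
    Grant("alice", "ems-historian"),
    Grant("bob", "ems-historian"),
    Grant("vendor-svc", "rtu-config-server", third_party=True),
    Grant("carol", "rtu-config-server"),
]
APPROVALS = [
    Approval("alice", "ems-historian", "SCADA operator", date(2015, 3, 1)),
    Approval("carol", "rtu-config-server", "protection relay engineer", date(2014, 11, 15)),
]

if __name__ == "__main__":
    revoke, reapprove = review_access(GRANTS, APPROVALS, date(2015, 4, 1))
    print("\n".join(format_report(revoke, reapprove)))
```

The design choice worth noting is the default direction: a grant with no matching approval is listed for revocation rather than silently kept, so the burden of proof sits with whoever wants the access to remain, which is what the "absolutely need access" standard in the text implies.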
Sharing cyber threat information. Most major cyberattacks don’t occur as a single event but as a string of incidents that take place over time. Viewing incidents in isolation makes broader attack campaigns very difficult to see. By sharing information on cyber threats, utilities can better detect systemic threats and also learn from their peers what anomalies to look for on their networks. Utilities can share cyber threat information with local law enforcement offices, select peers, and organizations like the Electricity Sector Information Sharing and Analysis Center (ES-ISAC) or ICS-CERT.
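The point about incidents viewed in isolation can be made concrete with a small correlation step. Below is an added example, not code from the original article or from ICS-CERT or any ISAC: it reads a few constructed log lines of the kind the article's incident categories describe (scanning, failed and successful logins against control-system hosts), chains events from the same external source that fall within an assumed 30-day window, and reports a chain as a campaign when it shows more than one kind of activity. A final helper shapes the result for sharing with peers, keeping the external indicator and behaviour while dropping internal asset names; that sharing policy, the log format, the addresses and the thresholds are all assumptions.

```python
"""Correlating isolated ICS incidents into campaigns over time (added example).

Log format, addresses, host names, window and thresholds are constructed for
illustration and do not come from the original article.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(days=30)   # assumed: max gap between related events from one source
MIN_DISTINCT_STAGES = 2       # assumed: distinct activity kinds before calling it a campaign

# Constructed sample log: "timestamp|source|event|target"
SAMPLE_LOG = """\
2014-10-02T03:14:00|198.51.100.7|scan|hmi-01
2014-10-09T22:05:00|198.51.100.7|login_failed|hmi-01
2014-10-21T01:40:00|198.51.100.7|login_success|hmi-01
2014-11-30T11:00:00|203.0.113.9|scan|plc-gw
2015-01-15T08:00:00|203.0.113.9|scan|plc-gw
"""


def parse(log_text):
    """Parse the pipe-delimited lines into (timestamp, source, kind, target), time-ordered."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, kind, target = line.split("|")
        events.append((datetime.fromisoformat(ts), src, kind, target))
    return sorted(events)


def find_campaigns(events, window=WINDOW, min_stages=MIN_DISTINCT_STAGES):
    """Chain events per source while consecutive gaps stay within `window`,
    then keep chains that show at least `min_stages` different activity kinds.

    A single scan seen once is noise; a scan followed weeks later by failed
    and then successful logins from the same source is the pattern that is
    invisible when each event is handled as its own ticket.
    """
    chains = defaultdict(list)  # source -> list of chains, each a list of events
    for ev in events:
        ts, src = ev[0], ev[1]
        if chains[src] and ts - chains[src][-1][-1][0] <= window:
            chains[src][-1].append(ev)
        else:
            chains[src].append([ev])

    campaigns = []
    for src, src_chains in chains.items():
        for chain in src_chains:
            order = [e[2] for e in chain]
            kinds = set(order)
            if len(kinds) >= min_stages:
                campaigns.append({
                    "source": src,
                    "first_seen": chain[0][0],
                    "last_seen": chain[-1][0],
                    "stages": sorted(kinds, key=order.index),  # in order first observed
                    "targets": sorted({e[3] for e in chain}),
                })
    return campaigns


def share_summary(campaign):
    """Shape a campaign for a peer utility or ISAC report (assumed sharing policy):
    keep the external indicator, the observed behaviour and the time frame,
    drop internal asset names."""
    return {
        "indicator": campaign["source"],
        "stages": campaign["stages"],
        "first_seen": campaign["first_seen"].date().isoformat(),
        "last_seen": campaign["last_seen"].date().isoformat(),
    }


if __name__ == "__main__":
    for c in find_campaigns(parse(SAMPLE_LOG)):
        print("internal view:", c)
        print("shared view:  ", share_summary(c))
```

With the sample data, the two scans from 203.0.113.9 sit 46 days apart and never chain, so they stay as two unrelated observations, while the three events from 198.51.100.7 become one campaign spanning three stages. Tuning the window is the real operational question: too short and slow campaigns split apart, too long and unrelated noise from busy sources gets merged.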