In early 2021, Americans living on the East Coast got a sharp lesson on the growing importance of cybersecurity in the energy industry. A ransomware attack hit the company that operates the Colonial Pipeline—the major infrastructure artery that carries almost half of all liquid fuels from the Gulf Coast to the eastern United States. Knowing that at least some of their computer systems had been compromised, and unable to be certain about the extent of their problems, the company was forced to resort to a brute-force solution: shut down the whole pipeline.
Leo Simonovich is vice president and global head of industrial cyber and digital security at Siemens Energy.
The interruption of fuel delivery had huge consequences. Fuel prices immediately spiked. The President of the United States got involved, trying to assure panicked consumers and businesses that fuel would become available soon. Five days and untold millions of dollars in economic damage later, the company paid a $4.4 million ransom and restored its operations.
It would be a mistake to see this incident as the story of a single pipeline. Across the energy sector, more and more of the physical equipment that makes and moves fuel and electricity across the country and around the world relies on digitally controlled, networked equipment. Systems designed and engineered for analogue operations have been retrofitted. The new wave of low-emissions technologies—from solar to wind to combined-cycle turbines—are inherently digital tech, using automated controls to squeeze every efficiency from their respective energy sources.
Meanwhile, the covid-19 crisis has accelerated a separate trend toward remote operation and ever more sophisticated automation. A huge number of workers have moved from reading dials at a plant to reading screens from their couch. Powerful tools to change how power is made and routed can now be altered by anyone who knows how to log in.
These changes are great news—the world gets more energy, lower emissions, and lower prices. But these changes also highlight the kinds of vulnerabilities that brought the Colonial Pipeline to an abrupt halt. The same tools that make legitimate energy-sector workers more powerful become dangerous when hijacked by hackers. For example, hard-to-replace equipment can be given commands to shake itself to bits, putting chunks of a national grid out of commission for months at a stretch.
For many nation-states, the ability to push a button and sow chaos in a rival state’s economy is highly desirable. And the more energy infrastructure becomes hyperconnected and digitally managed, the more targets offer exactly that opportunity. It’s not surprising, then, that an increasing share of cyberattacks seen in the energy sector have shifted from targeting information technologies (IT) to targeting operating technologies (OT)—the equipment that directly controls physical plant operations.
To stay on top of the challenge, chief information security officers (CISOs) and their security operations centers (SOCs) will have to update their approaches. Defending operating technologies calls for different strategies—and a distinct knowledge base—than defending information technologies. For starters, defenders need to understand the operating status and tolerances of their assets—a command to push steam through a turbine works well when the turbine is warm, but can break it when the turbine is cold. Identical commands could be legitimate or malicious, depending on context.
Even collecting the contextual data needed for threat monitoring and detection is a logistical and technical nightmare. Typical energy systems are composed of equipment from several manufacturers, installed and retrofitted over decades. Only the most modern layers were built with cybersecurity as a design constraint, and almost none of the machine languages used were ever meant to be compatible.
For most companies, the current state of cybersecurity maturity leaves much to be desired. Near-omniscient views into IT systems are paired with big OT blind spots. Data lakes swell with carefully collected outputs that can’t be combined into a coherent, comprehensive picture of operational status. Analysts burn out under alert fatigue while trying to manually sort benign alerts from consequential events. Many
By: Leo Simonovich
Title: Securing the energy revolution and IoT future
Sourced From: www.technologyreview.com/2021/09/21/1036050/securing-the-energy-revolution-and-iot-future/
Published Date: Tue, 21 Sep 2021 13:30:00 +0000
Did you miss our previous article…