Cyber-security Concerns, OSGP
Jun 17, 2021
Recently, the OSGP published an excellent survey on the types of concerns the energy distribution community had regarding cyber-security threats and risks:
It was interesting that ransom came out lowest in the ranking.
Maybe this was just timing.
Anyone in the energy sector will now know about the Colonial Pipeline cyber-attack. It even has its own Wikipedia entry: en.wikipedia.org/wiki/Colonial_Pipeline_cyberattack. By that benchmark, it may become one of the reference cases discussed in cyber-security education for the next decade or two, just like the 2015 BlackEnergy attacks on Ukraine. Maybe it will even become one of the pivotal moments that triggers a much-needed focus on cyber-security by our industry. The article certainly exposes the commercial nature of these attacks: for the cyber-criminals it is a simple business case.
Even now, after this attack, the narrative we hear still focuses on defensive measures. “Turn on all the security” is a good summary. But why would we have “turned off” even part of the security in the first place?
Well, the answer to that is embedded in the seeming reliance on defensive measures. Encryption, keys, authentication, regulatory security standards and so on are all good, but in the complex, evolving and challenging environment of the low-voltage smart grid it is hard to achieve a consistent level of defense. There will be weaknesses: because someone forgot to “turn on all the security” everywhere in the low-voltage smart grid, or because the time needed to upgrade does not match the need to respond fast, or because the older infrastructure cannot support the latest standards. It is the weakness that the cyber-criminals will exploit, and it is inevitable that there will be some weakness.
In fact, the idea that it is possible to “turn on all the security” is a weakness itself. It implies that it is possible to turn security off, and if that can be done, it can be done by the cyber-criminal.
So, defense is important, but threat detection and response are just as important. This accepts that defense is not perfect and that what is needed are systems to detect suspicious activity and highlight changes in the ambient threat that may be indicators of weakness in defense, beachheads established by the attackers, precursors to attacks, and actual attacks. And then to be able to respond to these quickly, to limit the damage that can be done.
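As an added illustration of the three signals described above (precursors, beachheads, and weakened defense), here is a small detection pass over head-end event logs. This is example code written for this page, not NES, Grid Watch or OSGP code; the log format, the device identifiers, the inventory and the thresholds are all assumptions, and the log lines are constructed sample data.

```python
"""
Added example: a minimal detection pass over constructed smart-grid head-end
event logs. It flags three things the text calls out:
  * auth_fail_burst   - a burst of authentication failures from one data
                        concentrator (a precursor to an attack)
  * unknown_device    - a concentrator that is not in the inventory
                        (a possible beachhead)
  * security_disabled - a configuration change that switches a security
                        feature off (security being "turned off")
Log format, device names, inventory and thresholds are assumptions for
illustration only.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical inventory of data concentrators the head-end expects to see.
KNOWN_DEVICES = {"DC-0042", "DC-0077"}

# Assumed thresholds; tune them to the ambient failure rate of your own grid.
FAIL_THRESHOLD = 5                     # failures ...
FAIL_WINDOW = timedelta(seconds=60)    # ... within this sliding window
SECURITY_KEYS = {"security_profile", "message_auth", "encryption"}
DISABLED_VALUES = {"off", "none", "disabled", "0"}

# Constructed sample log. Hypothetical format:
#   <ISO timestamp> <device-id> <event> key=value ...
SAMPLE_LOG = """\
2021-06-17T02:00:01 DC-0042 AUTH_OK meter=M-1001
2021-06-17T02:00:07 DC-0042 AUTH_FAIL meter=M-1002 reason=bad_mac
2021-06-17T02:00:09 DC-0042 AUTH_FAIL meter=M-1002 reason=bad_mac
2021-06-17T02:00:12 DC-0042 AUTH_FAIL meter=M-1002 reason=bad_mac
2021-06-17T02:00:15 DC-0042 AUTH_FAIL meter=M-1002 reason=bad_mac
2021-06-17T02:00:18 DC-0042 AUTH_FAIL meter=M-1002 reason=bad_mac
2021-06-17T02:05:00 DC-0077 AUTH_FAIL meter=M-2001 reason=bad_mac
2021-06-17T02:20:00 DC-0077 AUTH_FAIL meter=M-2001 reason=bad_mac
2021-06-17T02:30:00 DC-0077 CONFIG_CHANGE key=read_interval old=15 new=30
2021-06-17T03:00:00 DC-9999 AUTH_OK meter=M-3001
2021-06-17T03:10:00 DC-0042 CONFIG_CHANGE key=security_profile old=high new=off
"""


def parse_line(line):
    """Split one log line into (timestamp, device, event, {key: value})."""
    ts, device, event, *kv = line.split()
    fields = dict(pair.split("=", 1) for pair in kv)
    return datetime.fromisoformat(ts), device, event, fields


def analyse(log_text, known_devices=KNOWN_DEVICES):
    """Return a list of (rule, device, detail) findings in log order."""
    findings = []
    fail_times = defaultdict(deque)   # per-device timestamps of recent failures
    burst_alerted = set()             # devices already reported for a burst
    seen_unknown = set()              # unknown devices already reported

    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, device, event, fields = parse_line(line)

        # Beachhead: a device the inventory does not know about.
        if device not in known_devices and device not in seen_unknown:
            seen_unknown.add(device)
            findings.append(("unknown_device", device,
                             f"first seen at {ts.isoformat()}"))

        # Precursor: too many authentication failures in a short window.
        if event == "AUTH_FAIL":
            window = fail_times[device]
            window.append(ts)
            while window and ts - window[0] > FAIL_WINDOW:
                window.popleft()
            if len(window) >= FAIL_THRESHOLD and device not in burst_alerted:
                burst_alerted.add(device)
                findings.append(("auth_fail_burst", device,
                                 f"{len(window)} failures within "
                                 f"{FAIL_WINDOW.seconds}s"))

        # Weakened defense: a security setting switched off.
        elif event == "CONFIG_CHANGE" and fields.get("key") in SECURITY_KEYS:
            if fields.get("new", "").lower() in DISABLED_VALUES:
                findings.append(("security_disabled", device,
                                 f"{fields['key']}: {fields.get('old')} "
                                 f"-> {fields['new']}"))
    return findings


if __name__ == "__main__":
    for rule, device, detail in analyse(SAMPLE_LOG):
        print(f"{rule:<18} {device:<8} {detail}")
```

Two design points matter in practice: the burst rule reports a device once rather than on every further failure, so a noisy concentrator does not flood the operator, and the configuration rule alerts on the downgrade itself rather than waiting for the attack that the downgrade enables. The two isolated failures from DC-0077 and its non-security configuration change are deliberately below the bar and produce no finding.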
Every morning, the senior management at DarkSide will be meeting to discuss the business cases for the next attacks. With an average payment of $1.9M and 47% of ransoms being paid (as described in the Wikipedia article cited above), this has produced at least $90M of revenue that we know about. It is a business case for them.
So, in response, the question I ask myself every morning is: if the attack had been performed on an electrical energy distributor, and initiated from the complex and evolving environment of the low-voltage grid, could it have been spotted earlier with the defensive solutions currently in place? That is why NES has been innovating in threat detection and response solutions: to help mitigate weaknesses in the defensive security of our low-voltage smart grid.
Check out Grid Watch - find out how to spot cybercriminals way ahead.