Smart Grids are a critical national resource that are subject to cyber-attack. To date, Smart Grid cyber-security strategies have focused on protection. What happens when an attack is successful, and a threat actor gets past the protection measures? This is when in-depth cyber-security defense is needed.
To achieve the social and economic benefits of a Smart Grid, Distribution System Operators (DSOs) are deploying sophisticated equipment into the low-voltage grid. Whilst this meets the objectives for Smart Grid, it creates more points of entry that a threat actor can exploit. Experts in the ICT sector have found that relying solely on protection against threat actors is insuﬃcient. Only when detection and response is coupled with protection, is it possible to oﬀer a comprehensive cyber-security defense.
Even if a DSO is aware of security events, they can be missing important indicators of attack, simply because they are lost in the background of low-level threat indicators and false positives. Common responses are to log everything or log nothing. In either case, some DSOs may be unable to spot the key indicators which would allow them to adopt a modified security posture in response to a threat or to react to block an attack or limit a penetration.
When evaluating security solutions, DSOs need to select a Security Information and Event Management (SIEM) system that is able to:
• Monitor the smart grid without interrupting or disrupting the key service it offers
• Interpret events from the smart grid
• Have the right context by which to assess these events
• Identify and be familiar with the types of attacks, which are specific to a smart grid
• Have awareness of attacks across a community of DSOs and spread the word of new threats
DSOs with a proper SIEM will be less vulnerable to denial of service attack or ransom, theft of corporate or customer information, theft of smart grid infrastructure, and may also enjoy lower corporate insurance premiums. And consumers will be less vulnerable to disruption of supply and publication of personal information.
NES Grid Watch provides additional in-depth defense beyond protection. Grid Watch allows you to augment your already robust OSGP security infrastructure by adding detection capabilities to your established protection layers enabling your response capabilities. It allows you to identify changes in the threat-level, adapt your posture accordingly, spot a developing attack, identify points of penetration, quickly initiate responses to blunt the attack and start to oﬀer credible deterrents to the threat actor.