The big-time cyber threat utilities are ignoring (and two ways to solve it)
Editor’s note: There's no shortage of warnings about the cybersecurity threat. But such warnings equivalent of yelling "Fire!" in a crowded theater. They don't even point to an exit door, much less explain how to prevent the fire in the first place. So when my friend Ken Van Meter wrote in with a warning that also contained two specific recommendations, I asked if I could share his ideas with you here. -- Jesse Berst
By Ken Van Meter
Principal, Booz Allen Hamilton
We all expect great value from modernizing the grid. Yet the same functionality that lets us remotely manage assets also makes those assets ever more vulnerable to cyber attack. The old concepts of cyber protectionâ€"piling up bigger and thicker walls of hardware and software seeking 100% deterrenceâ€"have proven ineffective against attacks by legions of trained cyber adversaries. Those adversaries have vast resources. Their objectives are planned and executed silently over months or years.
There have been no public disclosures of major APT attacks on utilities. Yet other critical infrastructure industriesâ€"particularly government and financial servicesâ€"continue to see either targeted APT attacks or Indicators of Compromise (IOC). Although we have not yet had a coordinated "cyber tsunami” that would galvanize the energy industry, it makes sense to take thoughtful strides now.
The importance of a cooperative approach
New technologies and processes exist to find nascent and current APT and IOC. These methods should be used regularly to identify threats as early as possible to prevent the full attacks -- or, at least, to assess what happened and mitigate the damage.
An essential component of APT discovery and forensic review is the creation of new practices to deter future attacks and to enhance the utility's risk profile. However, since few utilities have the expert staff to deal with APTs on their own, it makes sense to pursue a consortium or other cooperative approach. That way, tools and processes can be shared across a larger base to reduce cost. In this way, more concurrent analysts get to look at a larger range of data and to find IOC and APT earlier. Such a consortium would have multiple benefits:
Â· Sharing new APTs
Â· Warnings of attack vectors in time to prevent or mitigate
Â· Alerts about new methods of incursion
Utilities should also avail themselves of other entities who are actively engaged in gathering and distributing information about cyber threats, including the United States Computer Emergency Readiness Team (US CERT) and the NERC Electricity Sector Information Sharing and Analysis Center (ES-ISAC).