Uncharacteristic winter weather recently sent the Texas power grid into overdrive, resulting in mass outages. Unfortunately, inclement weather isn’t the only threat facing utility companies: Cyber threats have the potential to impact the power grid in a similarly serious manner. The pandemic has compounded existing risks, driving utilities’ digital transformation at a much faster pace, effectively widening attack surfaces and exposing the risks associated with integrating operations technology with information technology.
With remote work and distributed networks here to stay, both utilities and government regulators must shift their cybersecurity focus. Here are two important considerations utility companies should keep in mind when building an active defense to help secure the electric grid.
New Guidelines Recommend a Little Trickery
Utilities seeking ways to reinforce their defenses can start by reviewing helpful resources like MITRE ATT&CK and MITRE Shield, both freely available knowledge bases that help defenders better understand the adversaries they face and what defenses they should put in place to counter them. Utility companies may not be able to prevent every adversary from getting into the system, but these MITRE programs can help them better prepare for attacks in the future.
One area MITRE has focused on more and more is cyber deception and denial technology, which is increasingly being adopted to detect lateral movement within the network. Deception can identify unauthorized activity during an attacker's discovery, lateral movement and privilege escalation phases, luring the intruder away from valuable assets with decoys designed to look like real network objects. A hydroelectric system might put a decoy structure in place with fake programmable logic controllers indistinguishable from the real thing. An attacker who tries to tamper with a fake valve immediately gives away their presence, and the deception environment can automatically isolate them and notify security teams.
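The decoy described above, as an added example that is not code from the article or from Attivo Networks: a "PLC" that speaks just enough Modbus/TCP to look like a valve controller. Because no legitimate host has any reason to talk to a decoy, every request is reported; a write is treated as active tampering, the source is marked for isolation, and the decoy still answers as a real controller would so the intruder is not tipped off. The register layout, the host name, the client addresses and the isolation hook are assumptions made for the example.

```python
# Added example (not from the article or from Attivo Networks): a decoy PLC
# that turns every Modbus/TCP touch into an alert. Register map, decoy name
# and addresses are constructed for the example.
import struct
from dataclasses import dataclass, field

# Real Modbus function codes
FC_READ_HOLDING = 0x03
FC_WRITE_SINGLE = 0x06
FC_WRITE_MULTIPLE = 0x10
WRITE_CODES = {FC_WRITE_SINGLE, FC_WRITE_MULTIPLE}

MBAP = ">HHHB"                      # transaction id, protocol id, length, unit id
MBAP_LEN = struct.calcsize(MBAP)    # 7 bytes


def build_frame(tid: int, fc: int, addr: int, value: int, unit: int = 1) -> bytes:
    """Build a Modbus/TCP request whose PDU is fc + two 16-bit fields
    (address and quantity for reads, address and value for write-single)."""
    pdu = struct.pack(">BHH", fc, addr, value)
    return struct.pack(MBAP, tid, 0, len(pdu) + 1, unit) + pdu


@dataclass
class Alert:
    severity: str   # "low" for reads/probes, "medium" for junk, "high" for writes
    source: str     # client address as seen by the decoy
    function: int   # Modbus function code, -1 if the frame was malformed
    detail: str


@dataclass
class DecoyPLC:
    name: str
    # Constructed register map: 0 = valve position (0 closed / 1 open), 1 = flow setpoint
    registers: dict = field(default_factory=lambda: {0: 0, 1: 100})
    alerts: list = field(default_factory=list)
    isolated: set = field(default_factory=set)   # sources to quarantine

    def handle(self, source: str, frame: bytes) -> tuple:
        """Process one request and return (alert, response_bytes).

        In production the isolation step would call the NAC or firewall API;
        here it only records the source address.
        """
        if len(frame) < MBAP_LEN + 5:
            alert = Alert("medium", source, -1, f"malformed or truncated frame sent to {self.name}")
            self.alerts.append(alert)
            return alert, b""
        tid, _pid, _length, unit = struct.unpack(MBAP, frame[:MBAP_LEN])
        fc, addr, value = struct.unpack(">BHH", frame[MBAP_LEN:MBAP_LEN + 5])

        if fc in WRITE_CODES:
            what = (f"write of register {addr} to {value}" if fc == FC_WRITE_SINGLE
                    else f"write of {value} registers starting at {addr}")
            alert = Alert("high", source, fc, f"{what} on {self.name}")
            self.isolated.add(source)
            if fc == FC_WRITE_SINGLE:
                self.registers[addr] = value   # keep fake state consistent for later reads
            pdu = frame[MBAP_LEN:MBAP_LEN + 5]  # write responses echo fc, address, value/quantity
        elif fc == FC_READ_HOLDING:
            alert = Alert("low", source, fc, f"read of {value} registers from {addr} on {self.name}")
            vals = [self.registers.get(addr + i, 0) for i in range(value)]
            pdu = struct.pack(">BB", fc, 2 * value) + b"".join(struct.pack(">H", v) for v in vals)
        else:
            alert = Alert("low", source, fc, f"unsupported function {fc:#x} probed on {self.name}")
            pdu = struct.pack(">BB", fc | 0x80, 0x01)   # Modbus exception: illegal function
        self.alerts.append(alert)
        response = struct.pack(MBAP, tid, 0, len(pdu) + 1, unit) + pdu
        return alert, response


def run_demo() -> list:
    """Replay two constructed frames from a hypothetical intruder at 10.0.5.23."""
    decoy = DecoyPLC("hydro-valve-01")
    intruder = "10.0.5.23"
    decoy.handle(intruder, build_frame(1, FC_READ_HOLDING, 0, 2))   # reconnaissance read
    decoy.handle(intruder, build_frame(2, FC_WRITE_SINGLE, 0, 1))   # "open the valve"
    for a in decoy.alerts:
        print(f"[{a.severity}] {a.source} fc={a.function:#04x} {a.detail}")
    print("isolated:", sorted(decoy.isolated))
    return decoy.alerts


if __name__ == "__main__":
    run_demo()
```

The point of answering reads with plausible register values and echoing writes is that the decoy only earns its alert if it is believed; a controller that returns errors on first contact is quickly ignored, while one that appears to accept a valve command has already produced a high-confidence signal and a source address to quarantine.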
Privileged Access Abuse Can Have Serious Ramifications
Globally, more than 90% of all organizations use Active Directory for employee authentication, identity management and access control. With privileged access abuse a factor in 80% of all known security breaches, utilities must rethink the way they protect identities, credentials and high-value assets. Managing privileged access today is very different from prior years, and now extends from endpoints to the cloud and covers credentials, infrastructure, databases and network devices.
What if an adversary targets a northeastern utility company during a blizzard? They may start simply by sending a spear-phishing message to an employee. The link may download malicious code that compromises the system and gives the adversary direct access to it. Just like that, they can move laterally and use their privileged access to target identities and credentials to damage or disrupt the power grid. Utility companies must equip their security teams with the tools they need to assess risks in Active Directory and prevent attackers from exploiting them in this manner.
Moving in the Right Direction
The good news is that government entities are taking proactive measures to help providers ensure the resiliency of the electric grid. The Cyberspace Solarium Commission issued a report last year outlining how utility commissioners can strengthen the cybersecurity of critical infrastructure and the electric grid. The Energy Department also announced the creation of a subcommittee dedicated to modernizing U.S. power infrastructure and tackling the growing threats to America's electrical grid. Even so, the government lags behind when it comes to incentivizing incident reporting.
As utility companies rethink cybersecurity, they should consider measures that not only allow for the detection of lateral movement but also help manage privileged access. And as Texas recovers from one of the biggest energy crises in years, the state should use it as an opportunity to shore up the grid against not only future weather events but also unexpected attacks from emboldened adversaries looking to cause harm.
Tony Cole is chief technology officer for Attivo Networks.