This article looks at power cybersecurity: what is at stake for power plants and grid operators, and where to start.
Industrial facilities such as power plants remain vital parts of the critical infrastructure of every country, so they warrant the highest level of protection against any kind of unlawful intrusion, including sabotage and terrorist acts.
Physical and administrative security is often handled well. However, for many technical reasons (legacy equipment, long patch cycles, flat networks), cybersecurity at industrial facilities could be better. Notorious examples of cyber-attacks on the energy sector include Stuxnet, a worm that physically damaged Iranian uranium-enrichment centrifuges by manipulating their controllers, and the 2021 Colonial Pipeline ransomware attack in the US, where a compromise of the company's IT network led the operator to shut down pipeline operations.
Rapid technological development means engineers at power plants can now monitor and control physical processes remotely, over networked systems. This also gives attackers an opportunity to infect such networks with malware and disrupt operations, with potential consequences ranging from environmental damage and economic turmoil to loss of life.
Power Plant Cybersecurity: Where To Start?
The security of digital networks in critical infrastructure depends on many factors. Generally, the operation of a power plant relies on sensor data that feeds its control rooms and engineering centers, so the data path from sensor to operator is itself an attack surface. The danger of direct attacks is compounded by software supply chain attacks: the SolarWinds compromise, for example, delivered a trojanized update to thousands of organizations, including some in the energy sector, and gave the attackers a foothold inside their networks.
It is important to start with collecting, parsing and monitoring logs, which gives security engineers enough data to detect incoming threats. Software solutions such as SOC Prime's Detection as Code platform then provide generic, Sigma-based detection content that can be applied to that log data to identify possible attacks and raise security alerts.
SOC teams can also use free tools like Uncoder.IO, which instantly translate search queries, filters, and API requests into a vendor-specific format.
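To make the Sigma-based detection step concrete, here is an added example (written for this article, not code from SOC Prime or any vendor) of what "applying generic detection content to log data" looks like at the smallest scale. It evaluates a Sigma-style rule, expressed as a Python dict with the same shape as the YAML, against a few constructed Sysmon-style process-creation events from a plant network. The rule, the host names, the `PLANT\svc_backup` service account and the log lines are all hypothetical; only a subset of Sigma is implemented (the `contains`, `startswith` and `endswith` modifiers and a `selection and not filter` condition).

```python
import json
import re

# Constructed sample process-creation events (JSON, Sysmon-style field names). Not real plant telemetry.
SAMPLE_LOGS = [
    r'{"Computer": "hmi-01", "EventID": 1, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -NoP -W Hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA", "User": "PLANT\\operator"}',
    r'{"Computer": "hmi-01", "EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami", "User": "PLANT\\operator"}',
    r'{"Computer": "eng-ws-02", "EventID": 1, "Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe", "CommandLine": "pwsh.exe -EncodedCommand ZQBjAGgAbwAgAGgAaQA=", "User": "PLANT\\svc_backup"}',
    r'{"Computer": "eng-ws-02", "EventID": 1, "Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe", "CommandLine": "pwsh.exe -File C:\\scripts\\export_tags.ps1", "User": "PLANT\\engineer"}',
]

# A Sigma-style rule as a Python dict (same structure as the YAML). Hypothetical rule, not SOC Prime content.
RULE = {
    "title": "Encoded PowerShell command on an HMI or engineering workstation",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["-enc", "-EncodedCommand"],
        },
        # Assumed: a backup service account that legitimately runs encoded commands.
        "filter": {"User": "PLANT\\svc_backup"},
        "condition": "selection and not filter",
    },
    "level": "high",
}


def _value_matches(modifier, value, candidate):
    # Sigma string matching is case-insensitive by default.
    v, c = value.lower(), candidate.lower()
    if modifier == "":
        return v == c
    if modifier == "contains":
        return c in v
    if modifier == "startswith":
        return v.startswith(c)
    if modifier == "endswith":
        return v.endswith(c)
    raise ValueError(f"unsupported Sigma modifier: {modifier}")


def _field_matches(event, key, expected):
    # "Field|modifier": value-or-list. A list of values is an OR.
    field, _, modifier = key.partition("|")
    if field not in event:
        return False
    candidates = expected if isinstance(expected, list) else [expected]
    return any(_value_matches(modifier, str(event[field]), str(c)) for c in candidates)


def _selection_matches(event, selection):
    # All fields inside one selection map must match (AND).
    return all(_field_matches(event, k, v) for k, v in selection.items())


def evaluate(rule, event):
    """Return True if the event satisfies the rule's condition ("X" or "X and not Y")."""
    det = rule["detection"]
    m = re.fullmatch(r"(\w+)(?: and not (\w+))?", det["condition"])
    if not m:
        raise ValueError(f"unsupported condition: {det['condition']}")
    sel, flt = m.group(1), m.group(2)
    if not _selection_matches(event, det[sel]):
        return False
    if flt and _selection_matches(event, det[flt]):
        return False
    return True


def run_detection(rule, log_lines):
    """Parse each JSON log line and return one alert dict per matching event."""
    alerts = []
    for line in log_lines:
        event = json.loads(line)
        if evaluate(rule, event):
            alerts.append({
                "title": rule["title"],
                "level": rule["level"],
                "host": event.get("Computer"),
                "user": event.get("User"),
                "command_line": event.get("CommandLine"),
            })
    return alerts


if __name__ == "__main__":
    for alert in run_detection(RULE, SAMPLE_LOGS):
        print(alert)
```

Of the four constructed events only the first raises an alert: the `cmd.exe` event never matches the selection, the `svc_backup` event is excluded by the filter, and the last one runs a script file rather than an encoded command. A real platform compiles the same rule into the query language of the SIEM in use rather than evaluating it in Python, which is the translation step Uncoder.IO performs.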
Ensuring the cybersecurity of large plants with lots of unique equipment is not an easy task. Let’s review the components of industrial data safety and ways to protect information, processes, and people.
How To Achieve Industrial Cybersecurity?
Traditionally, cybersecurity has had three major constituents: confidentiality, integrity, and availability (the CIA triad). These properties apply to industrial cybersecurity as well, although in operational technology the priority order is usually reversed, with availability and integrity of the physical process coming first.
Confidentiality applies on different levels. At the higher level, it concerns proprietary information: how the equipment works, how it is built, what technology is used, how power is distributed, who the other network participants are, and much more.
At the lower level, power usage patterns can reveal personal information, down to which appliances are in use in a household. Such activity can also be observed from a central facility, so if spyware infiltrates the network it can be used to target specific individuals such as political activists, journalists, and people in senior government positions.
Confidentiality of software and configuration also matters: leaked firmware, controller logic, or network diagrams make an attacker's job much easier. It should not, however, be the only line of defence, since the security of an industrial network must hold up even when an attacker knows how it is built.
Integrity of data is of the utmost importance. Tampering with data in transit, as in a man-in-the-middle attack, might lead to disastrous consequences: if a power plant reports wrong figures to the grid, the result may be power shortages.
Attackers might also act more stealthily, for example injecting false (even negative) prices into market data and causing utilization spikes. The integrity of sensor data is crucial, because wrong readings can cause operators to miss critical temperatures or other metrics.
The consequences of undetected overheating and loss of cooling are well known from the reactor accidents of the 20th century, such as Three Mile Island and Chernobyl. Finally, a compromise of software integrity, for instance modified controller firmware or a tampered project file, can let attackers take control of devices and grid components.
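The sensor-integrity problem above is worth seeing end to end. Below is an added example (not code from the article or any vendor) of a sensor-to-control-room exchange in which each reading carries an HMAC-SHA256 tag, and the receiver checks the tag, the timestamp, the sequence number and the physical plausibility of the value. It assumes the sensor and receiver share a pre-provisioned key, which plain Modbus does not provide (DNP3 Secure Authentication and TLS-wrapped protocols do); the key, the tag name `TT-101` and the readings are constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed demo key. In a real deployment each sensor or RTU holds its own provisioned secret (assumed).
KEY = b"demo-sensor-key-not-for-production"


def _canonical(body):
    # Deterministic serialization so sender and receiver MAC exactly the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_reading(sensor_id, temp_c, ts, seq, key=KEY):
    """Sensor side: emit a reading with an HMAC-SHA256 tag over its canonical form."""
    body = {"sensor": sensor_id, "temp_c": temp_c, "ts": ts, "seq": seq}
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Receiver:
    """Control-room side: verify tag, freshness, ordering and physical plausibility."""

    def __init__(self, key=KEY, max_skew_s=30, plausible_range=(-40.0, 350.0)):
        self.key = key
        self.max_skew_s = max_skew_s
        self.lo, self.hi = plausible_range
        self.last_seq = {}  # highest sequence number accepted per sensor

    def accept(self, msg, now):
        """Return (accepted, reason). Checks are ordered so the cheapest rejection comes first."""
        body = msg["body"]
        expected = hmac.new(self.key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "bad tag: reading altered or forged"
        if abs(now - body["ts"]) > self.max_skew_s:
            return False, "stale: timestamp outside accepted window"
        if body["seq"] <= self.last_seq.get(body["sensor"], -1):
            return False, "replay: sequence number not increasing"
        if not self.lo <= body["temp_c"] <= self.hi:
            return False, "implausible: value outside physical range"
        self.last_seq[body["sensor"]] = body["seq"]
        return True, "ok"


def demo():
    """Four constructed messages: genuine, tampered in transit, replayed, and stale."""
    now = 1_700_000_000
    rx = Receiver()
    genuine = sign_reading("TT-101", 84.5, now, seq=1)
    results = [rx.accept(genuine, now)]
    # A man-in-the-middle rewrites the temperature to hide overheating but cannot recompute the tag without the key.
    tampered = {"body": dict(genuine["body"], temp_c=20.0), "tag": genuine["tag"]}
    results.append(rx.accept(tampered, now))
    # Replaying an old, correctly tagged reading is caught by the per-sensor sequence number.
    results.append(rx.accept(genuine, now + 5))
    # A correctly tagged but ten-minute-old reading is rejected as stale.
    stale = sign_reading("TT-101", 85.0, now - 600, seq=2)
    results.append(rx.accept(stale, now))
    return results


if __name__ == "__main__":
    for accepted, reason in demo():
        print(accepted, reason)
```

The tag protects the reading in transit and the sequence and timestamp checks stop replay; none of this helps if the sensor or its controller is itself compromised, which is why the plausibility check (and, in practice, cross-checking against redundant sensors) still matters even with authenticated telemetry.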
Availability means that the necessary information and control functions are there whenever they are needed. Denial of service (DoS) and distributed denial of service (DDoS) attacks flood a network with packets, clog the traffic and prevent servers, and in an OT context HMIs and controllers, from working correctly.
In the energy sector, having sensor information at hand and being able to control devices, appliances, and grids is critically important. If engineers cannot act on the data they have, or cannot get it in time, this too may lead to undesirable consequences.
Physical Safety And Cybersecurity
There are many ways to carry out a cyber-attack. Yet many cybersecurity professionals consider only the software side when it comes to ensuring information security. This is a mistake, because a cyber-attack may also start with a physical attack.
Such attacks are most often carried out by insiders, because some of them have exclusive access to hardware and operational controls. It is much easier for an adversary to bribe an employee than to gain access to closely monitored rooms.
A physical attack might start with installing additional devices alongside the legitimate ones, or simply stealing information with USB sticks. One reported case involved the seizure of a transformer manufactured in China: additional components had been added to the original hardware, and their purpose remains unknown to the public. Researchers say thousands of similar Chinese-manufactured devices are still installed in industrial control systems.
Power cybersecurity should therefore be one of the key considerations when industrial hardware is designed. When it is not, a proper security level cannot be achieved at later stages, because security software simply cannot integrate with such bespoke endpoints and networks.
Steps To Ensure Industrial Cybersecurity
President Biden's Executive Order 14028, issued in May 2021, gives guidelines on improving cybersecurity, with software supply chain security and incident reporting among its themes, that are relevant to critical infrastructure. Organizations such as CISA, NIST, and MITRE also publish their recommendations. The MITRE ATT&CK framework has several matrices, one of which, ATT&CK for ICS, is specifically dedicated to industrial control systems.
Major power system operators say they take part in exercises such as NERC's GridEx and those run by the Department of Energy. These exercises test response and recovery procedures during simulated attacks that combine cyber and physical patterns.
A recent survey shows that C-level respondents are aware of the surge in cyber-attacks on the energy sector, but keeping up is difficult because of a lack of expertise and the many vulnerabilities hidden in long supply chains.