1/14/2020
02:00 PM
Leo Simonovich
Commentary

Global Predictions for Energy Cyber Resilience in 2020

How prepared is the energy sector for an escalating attack surface in the operating technology environment? Here are five trends to watch.

The new year is shaping up to be a year of giant leaps for cybersecurity and the energy sector. The escalation of attacks brought us to a tipping point in 2019. Across the energy sector, leaders now recognize we need to step up defenses to meet the threat environment.

Over the past few years, cyberattacks on the energy sector have grown in volume and in sophistication. Attacks increasingly targeted the operating technology (OT) environment, reaching beyond information technology (IT) systems like servers and mobile devices to attack machinery and equipment including turbines, compressors, and transformers. This distinction has consequences. Attacks on the OT environment have the potential to cause physical damage to a plant, create service outages, and even cost lives. In some cases, attackers had the backing of nation-states in developing attacks specifically tailored to disruption of operations — not the theft of information that many IT cybersecurity measures are designed to prevent.

Just as important: Defending the OT environment is not the same as defending IT. The tools used to recognize malware on a server or desktop aren't a one-to-one match for the steps needed to recognize attacks intended to break a steam turbine, let alone stop an attack in progress. Utilities — especially large utilities — continue to seek better visibility into their operating assets through digitalization. When asked in an industrywide survey conducted in the summer of 2019 by Siemens and the Ponemon Institute, utility sector cybersecurity officers estimated that 30% of cyberattacks on OT went undetected. Some utilities are now using artificial intelligence and machine learning technologies to boost cybersecurity by not only monitoring their system conditions, but automating the contextualization of their data. Understanding context is essential to recognizing attacks in the OT, where malicious code may not carry the telltale signatures used to recognize conventional IT attacks.

The good news is that leaders across the industry are aware they face a new type of threat, and they're aware that current defenses can't meet that threat. That awareness will prompt action. Here are my predictions about five key trends in cybersecurity in the utility sector this coming year.

Trend 1: Cybersecurity will take new prominence in organizational structures.
Cybersecurity risks now rise to the level of the C-suite and the boardroom. Get cybersecurity wrong, and your organization will face financial, reputational, and service outage consequences. Clear, direct communications from cybersecurity experts to leadership will be an essential feature of any strong organization. A CEO doesn't need to be an expert — but they'll need to hear from someone who is.

Trend 2: People and talent will remain scarce.
With cyberattacks now confronting the OT environment, a strong cybersecurity team needs to draw on experience from the operating environment, security, and IT. A single person rarely has the necessary skills and experience — and those people who bring a combined background will be highly valued.

In our recent industry survey, lack of skilled personnel was the No. 1 most cited pain point in managing cybersecurity risk. Fifty-eight percent of cybersecurity officers indicated that their organization did not have sufficient staff to meet their cybersecurity objectives in the OT environment. Meanwhile, the same survey showed that utilities allocated the smallest share of their cybersecurity budget to personnel and training. Large organizations will compete to hire the talent that is available.

Trend 3: Small and midsize organizations will be targets.
Many utilities in the United States and around the world are relatively small, serving a municipality or a region. These small and medium-sized organizations face the same threat environment as the largest corporations. In one set of attacks in 2018, nation-state hackers targeted small businesses in or affiliated with the electricity sector. The set of targets included small generating stations with contracts to provide emergency backup power to U.S. military installations. This is an alarming example of how the shift toward threats targeting OT coincides with a shift toward targeting smaller organizations.

Trend 4: Partnerships will drive innovation.
Many organizations already contract out cybersecurity as an efficient way to bring together cyber expertise with the knowledge of their unique operating environment. When surveyed, 70% of respondents indicated an interest in contracting third parties for monitoring and detection. Expect a cottage industry of experts in cyber and OT to offer solutions — and expect some growing pains. Organizations will need to learn how to build the trust and intimacy needed to share real-time operating data with partners, on top of doing the technical work that enables monitoring and protection.

Trend 5: Context will be key, and artificial intelligence will be king.
Whether in-house or as partners, one major challenge in defending the operating environment lies in understanding what's happening in the machinery quickly enough to flag and mitigate attacks. Getting it right requires monitoring every possible attack pathway, along with thousands of data points about the operating state of equipment. There are clear advantages to automating this analysis, even before considering the talent shortage in cybersecurity. To date, only 18% of utility organizations have adopted AI to automate monitoring and contextualization of OT system conditions, but these technologies offer great promise for amplifying the efforts of small teams and tailoring solutions to unique systems.

I'm broadly encouraged by a new awareness about the nature of threats against the energy sector. We have a lot of work to do to catch up — and we should not expect attackers to stay still. But I believe the energy sector is primed and ready to answer the escalating attack environment in OT, and to build the trust, the partnerships, and the technologies that will protect critical infrastructure in 2020 and beyond.

Leo Simonovich is responsible for setting the strategic direction for Siemens' industrial cybersecurity business worldwide. He identifies emerging market trends, works with customers and Siemens businesses to provide best-in-class cyber offers, and contributes to the ...