
1/14/2020
02:00 PM
Leo Simonovich
Commentary

Global Predictions for Energy Cyber Resilience in 2020

How prepared is the energy sector for an escalating attack surface in the operating technology environment? Here are five trends to watch.

The new year is shaping up to be a year of giant leaps for cybersecurity and the energy sector. The escalation of attacks brought us to a tipping point in 2019. Across the energy sector, leaders now recognize we need to step up defenses to meet the threat environment.

Over the past few years, cyberattacks on the energy sector have grown in volume and in sophistication. Attacks increasingly targeted the operating technology (OT) environment, reaching beyond information technology (IT) systems like servers and mobile devices to attack machinery and equipment including turbines, compressors, and transformers. This distinction has consequences. Attacks on the OT environment have the potential to cause physical damage to a plant, create service outages, and even cost lives. In some cases, attackers had the backing of nation-states in developing attacks specifically tailored to disruption of operations — not the theft of information that many IT cybersecurity measures are designed to prevent.

Just as important: Defending the OT environment is not the same as defending IT. The tools used to recognize malware on a server or desktop aren't a one-to-one match for the steps needed to recognize attacks intended to break a steam turbine, let alone stop an attack in progress. Utilities — especially large utilities — continue to seek better visibility into their operating assets through digitalization. When asked in an industrywide survey conducted in the summer of 2019 by Siemens and the Ponemon Institute, utility sector cybersecurity officers estimated that 30% of cyberattacks on OT went undetected. Some utilities are now using artificial intelligence and machine learning technologies to boost cybersecurity by not only monitoring their system conditions, but automating the contextualization of their data. Understanding context is essential to recognizing attacks in the OT environment, where malicious code may not carry the telltale signatures used to recognize conventional IT attacks.

The good news is that leaders across the industry are aware they face a new type of threat, and they're aware that current defenses can't meet that threat. That awareness will prompt action. Here are my predictions about five key trends in cybersecurity in the utility sector this coming year.

Trend 1: Cybersecurity will take new prominence in organizational structures.
Cybersecurity risks now rise to the level of the C-suite and the boardroom. Get cybersecurity wrong, and your organization will face financial, reputational, and service outage consequences. Clear, direct communications from cybersecurity experts to leadership will be an essential feature of any strong organization. A CEO doesn't need to be an expert — but they'll need to hear from someone who is.

Trend 2: People and talent will remain scarce.
With cyberattacks now confronting the OT environment, a strong cybersecurity team needs to draw on experience from the operating environment, security, and IT. A single person rarely has the necessary skills and experience — and those people who bring a combined background will be highly valued.

In our recent industry survey, lack of skilled personnel was the No. 1 most cited pain point in managing cybersecurity risk. Fifty-eight percent of cybersecurity officers indicated that their organization did not have sufficient staff to meet their cybersecurity objectives in the OT environment. Meanwhile, the same survey showed that utilities allocated the smallest share of their cybersecurity budget to personnel and training. Large organizations will compete to hire the talent that is available.

Trend 3: Small and midsize organizations will be targets.
Many utilities in the United States and around the world are relatively small, serving a municipality or a region. These small and medium-sized organizations face the same threat environment as the largest corporations. In one set of attacks in 2018, nation-state hackers targeted small businesses in or affiliated with the electricity sector. The set of targets included small generating stations with contracts to provide emergency backup power to U.S. military installations. This is an alarming example of how the shift toward threats targeting OT coincides with a shift toward targeting smaller organizations.

Trend 4: Partnerships will drive innovation.
Many organizations already contract out cybersecurity as an efficient way to bring together cyber expertise with the knowledge of their unique operating environment. When surveyed, 70% of respondents indicated an interest in contracting third parties for monitoring and detection. Expect a cottage industry of experts in cyber and OT to offer solutions — and expect some growing pains. Organizations will need to learn how to build the trust and intimacy needed to share real-time operating data with partners, on top of doing the technical work that enables monitoring and protection.

Trend 5: Context will be key, and artificial intelligence will be king.
Whether in-house or as partners, one major challenge in defending the operating environment lies in understanding what's happening in the machinery quickly enough to flag and mitigate attacks. Getting it right requires monitoring every possible attack pathway, along with thousands of data points about the operating state of equipment. There are clear advantages to automating this analysis, even before considering the talent shortage in cybersecurity. To date, only 18% of utility organizations have adopted AI to automate monitoring and contextualization of OT system conditions, but these technologies offer great promise for amplifying the efforts of small teams, and tailoring solutions to unique systems.

I'm broadly encouraged by a new awareness about the nature of threats against the energy sector. We have a lot of work to do to catch up — and we should not expect attackers to stay still. But I believe the energy sector is primed and ready to answer the escalating attack environment in OT, and to build the trust, the partnerships, and the technologies that will protect critical infrastructure in 2020 and beyond.


Leo Simonovich is responsible for setting the strategic direction for Siemens' industrial cybersecurity business worldwide. He identifies emerging market trends, works with customers and Siemens businesses to provide best-in-class cyber offers, and contributes to the ...