Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

1/14/2020
02:00 PM
Leo Simonovich
Leo Simonovich
Commentary
50%
50%

Global Predictions for Energy Cyber Resilience in 2020

How prepared is the energy sector for an escalating attack surface in the operating technology environment? Here are five trends to watch.

The new year is shaping up to be a year of giant leaps for cybersecurity and the energy sector. The escalation of attacks brought us to a tipping point in 2019. Across the energy sector, leaders now recognize we need to step up defenses to meet the threat environment.

Over the past few years, cyberattacks on the energy sector have grown in volume and in sophistication. Attacks increasingly targeted the operating technology (OT) environment, reaching beyond information technology (IT) systems like servers and mobile devices to attack machinery and equipment including turbines, compressors, and transformers. This distinction has consequences. Attacks on the OT environment have the potential to cause physical damage to a plant, create service outages, and even cost lives. In some cases, attackers had the backing of nation-states in developing attacks specifically tailored to disruption of operations — not the theft of information that many IT cybersecurity measures are designed to prevent.

Just as important: Defending the OT environment is not the same as defending IT. The tools used to recognize malware on a server or desktop aren't a one-to-one match for the steps needed to recognize attacks intended to break a steam turbine, let alone stop an attack in progress. Utilities — especially large utilities — continue to seek better visibility into their operating assets through digitalization. When asked in an industrywide survey conducted in the summer of 2019 by Siemens and the Ponemon Institute, utility sector cybersecurity officers estimated that 30% of cyberattacks on OT went undetected. Some utilities are now using artificial intelligence and machine learning technologies to boost cybersecurity by not only monitoring their system conditions, but automating the contextualization of their data. Understanding context is essential to recognizing attacks in the OT, where malicious code may not carry the telltale signatures used to recognize conventional IT attacks.

The good news is that leaders across the industry are aware they face a new type of threat, and they're aware that current defenses can't meet that threat. That awareness will prompt action. Here are my predictions about five key trends in cybersecurity in the utility sector this coming year.

Trend 1: Cybersecurity will take new prominence in organizational structures.
Cybersecurity risks now rise to the level of the C-suite and the boardroom. Get cybersecurity wrong, and your organization will face financial, reputational, and service outage consequences. Clear, direct communications from cybersecurity experts to leadership will be an essential feature of any strong organization. A CEO doesn't need to be an expert — but they'll need to hear from someone who is.

Trend 2: People and talent will remain scarce.
With cyberattacks now confronting the OT environment, a strong cybersecurity team needs to draw on experience from the operating environment, security, and IT. A single person rarely has the necessary skills and experience — and those people who bring a combined background will be highly valued.

In our recent industry survey, lack of skilled personnel was the No. 1 most cited pain point in managing cybersecurity risk. Fifty-eight percent of cybersecurity officers indicated that their organization did not have sufficient staff to meet their cybersecurity objectives in the OT environment. Meanwhile, the same survey showed that utilities allocated the smallest share of their cybersecurity budget to personnel and training. Large organizations will compete to hire the talent that is available.

Trend 3: Small and midsize organizations will be targets.
Many utilities In the United States and around the world are relatively small, serving a municipality or a region. These small and medium-sized organizations face the same threat environment as the largest corporations. In one set of attacks in 2018, nation-state hackers targeted small businesses in or affiliated with the electricity sector. The set of targets included small generating stations with contracts to provide emergency backup power to U.S. military installations. This is an alarming example of how the shift toward threats targeting OT coincides with a shift toward targeting smaller organizations.

Trend 4: Partnerships will drive innovation.
Many organizations already contract out cybersecurity as an efficient way to bring together cyber expertise with the knowledge of their unique operating environment. When surveyed, 70% of respondents indicated an interest in contracting third parties for monitoring and detection Expect a cottage industry of experts in cyber and OT to offer solutions — and expect some growing pains. Organizations will need to learn how to build the trust and intimacy needed to share real-time operating data with partners, on top of doing the technical work that enables monitoring and protection.

Trend 5: Context will be key, and artificial intelligence will be king.
Whether in-house or as partners, one major challenge in defending operating environment lies in understanding what's happening in the machinery quickly enough to flag and mitigate attacks. Getting it right requires monitoring every possible attack pathway, along with thousands of data points about the operating state of equipment. There are clear advantages to automating this analysis, even before considering the talent shortage in cybersecurity. To date, only 18% of utility organizations have adopted AI to automate monitoring and contextualization of OT system conditions, but these technologies offer great promise for amplifying the efforts of small teams, and tailoring solutions to unique systems.

I'm broadly encouraged by a new awareness about the nature of threats against the energy sector. We have a lot of work to do to catch up — and we should not expect attackers to stay still. But I believe the energy sector is primed and ready to answer the escalating attack environment in OT, and to build the trust, the partnerships, and the technologies that will protect critical infrastructure in 2020 and beyond.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Car Hacking Hits the Streets"

Leo Simonovich is responsible for setting the strategic direction for Siemens' industrial cybersecurity business worldwide. He identifies emerging market trends, works with customers and Siemens businesses to provide best-in-class cyber offers, and contributes to the ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8225
PUBLISHED: 2020-09-18
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.
CVE-2020-8237
PUBLISHED: 2020-09-18
Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.
CVE-2020-8245
PUBLISHED: 2020-09-18
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11....
CVE-2020-8246
PUBLISHED: 2020-09-18
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-W...
CVE-2020-8247
PUBLISHED: 2020-09-18
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-W...