By Miles Tappin, VP of EMEA at ThreatConnect
The threat to critical infrastructure continues to become more severe and sophisticated as the years go on. In fact, according to the World Economic Forum, utilities are facing a perfect storm – undergoing a digital transformation, preparing for a more distributed energy landscape and protecting customers against disruptions in service.
While innovation and digital transformation are key focus areas for many in the utilities sector, it is becoming change, but it also gives opportunistic cybercriminals new attack vectors.
In the last year alone, a number of high-profile attacks have hit the utilities and energy sector. In the States, a South Carolina water supplier was targeted in an ‘international cyberattack,’ affecting online payments for half a million people; the European Network of Transmission System Operators for Electricity (ENTSO-E) was hit by an attack in March; and in November the nuclear agency in Japan (the Nuclear Regulation Authority) suffered a cyber-attack which took down its website for several hours.
With the potential threat only set to rise, the utilities and energy sector needs to be acutely aware of the potential danger posed by cyber-attacks like these. Businesses must be prepared to defend themselves and be able to deal with attacks quickly and efficiently. But how can companies do this when attacks are becoming ever more sophisticated?
Industry collaboration – a key tool in the cyber fight
To deliver reliable services to society, critical infrastructure providers need to ensure cybersecurity is built into operating models. But how do companies know where to prioritise their efforts when the number of adversaries is growing and motives are so varied, ranging from financial gain to geopolitics to sabotage?
There are several stages to tackling this effectively. The first thing organisations must do is to quantify risk – how likely an attack is, how prepared defences are currently and what the potential damage could be in terms of cost and reputation. Understanding this can help businesses see where investment must be made and the risk of not doing so.
From there, a key element is gathering intelligence. However, this is not limited to intelligence gathering from within the organisation. In the fight against cyber adversaries, collaboration is key. This means combining threat intelligence gathered by internal security teams with insights gathered by other companies in the sector. These insights can also be integrated with information from a number of different locations and industry sources, such as the Electricity Information Sharing and Analysis Center (E-ISAC), Supervisory control and data acquisition (SCADA), Oil & Natural Gas Information Sharing and Analysis Center (ONG-ISAC) and Department of Homeland Security (DHS).
This will help organisations build a better picture of the adversaries they face, the methods they use, and the vulnerabilities they target. From there, security teams can better understand how best to defend themselves. For example, if intelligence reveals that a criminal group is targeting businesses across the industry with a targeted spear phishing campaign, using COVID-19 as a lure, steps can be taken and defences can be put in place.
The more you know, the better you’ll be able to respond to a new threat. Basic details including where the malware comes from, what it does, and how it was targeted in the past can help form the basis of an intelligence-led defence.
Turning intelligence into action
Having the right intelligence, however, is not enough to ensure that intelligence is turned into action. Integrating internal security tools and technologies, while also connecting to external sources, creates a single source of intelligence that feeds operations and enables organisations to direct action against the threats that matter most. The outcomes of those actions also feed intelligence, providing the ability to further refine the efficacy of the entire security lifecycle.
This approach provides a continuous feedback loop for the people, processes and technologies that make up the security programme. It also allows businesses to keep up with threat actors that are constantly adapting their methods to profit at the expense of others – something that will not stop anytime soon.
Intelligence doesn't exist for its own sake: it exists to inform decisions. There are automated platforms that make it easy to take action on information pulled together in this way, further simplifying the process and allowing staff to send indicators to be blocked or assigned to an analyst for further investigation.
Automation can take much of the load of back-end administration off the shoulders of the analysts, leaving them to apply their expertise to the decision-making process once all relevant information has been combined and parsed. That adds up to a more effective defence and a more economical spread of resources.
Attacks will continue, the sector must be prepared to defend itself
Utilities companies may be facing the perfect storm, but it’s one they can weather if the right steps are taken. Utility executives, managers and security professionals need to hold the necessary discussions and identify the pain points in their infrastructure to raise awareness and allow best practices to be built to eliminate these threats.
If businesses in the sector learn to quantify the risks they face, collaborate with other organisations within the sector, use intelligence to inform decisions and automate defences where possible, they will be well placed to defend themselves against adversaries.