Rockwell Automation: Protecting Utilities From Cyber Attacks

As digitalization brings electric utilities online, they have become increasingly vulnerable to cyber threats. With cyber-attacks against utilities and vital national infrastructure on the rise, it has become paramount for organizations to ensure that threats are pre-empted and mitigated as early as possible.

Inc. Arabia speaks to operational technology (OT) specialist and strategist at Rockwell Automation, Gert Thoonen about why utilities have become a target for cyber-attacks and the challenges of securing the energy industry against attackers.

Thoonen, who has over 25 years of industry experience, has secured automation systems in various industries across EMEA, China, and the USA. As a principal security architect, he drives Rockwell Automation’s vision of “The Connected Enterprise” and Industry 4.0 in EMEA.

Below is an edited transcript of our interview.

Why are utilities a target for attackers?

Cybersecurity has become an increasingly important topic for electric utilities because of the digitalization of the grid and the frequency of attacks on critical national infrastructure. Electric utilities are exposed to an expanding risk surface area by a rapid increase in connection points from distributed energy resources (DERs), electric vehicles (EV), mobile workforces, and the cloud.

Other factors that make utilities primary targets include unpatched systems, undefined access controls, obsolete infrastructure, lack of incidence response, and flat networks.

Gert Thoonen, operational technology (OT) specialist and strategist at Rockwell Automation. Courtesy of Gert Thoonen.

Are there specific cybersecurity regulations for the energy sector?

Yes, each region has cybersecurity regulations and standards, such as NERC-CIP for the USA, DESC in Dubai, NCA-OTCC in Saudi Arabia, and Q-CERT in Qatar. Most organizations aim to conform to IEC 62443 as the gold standard.

What are the challenges of cybersecurity in the energy industry?

Three primary characteristics make the energy sector especially vulnerable to cyber threats, making them a rich target for nation-state adversaries and for-profit cybercriminals.

First, utilities have an ever-increasing attack surface due to their difficult-to-harden, dispersed geographic locations. Hydroelectric dams and coal-fired generation plants are two good examples.

Second, utilities have complex third-party supply chain relationships, increasing exposure.

And, lastly, electric-power and gas companies have unique interdependencies between physical and cyber infrastructure that make OT infrastructure and IT networks highly vulnerable to attack.

Additionally, some complexities come from having a mix of private and public ownership and third-party vendor relationships that extend beyond geographical boundaries. The lack of skilled cybersecurity workers globally exacerbates the difficulties in meeting today’s energy-industry challenges.

What can companies do to protect their facilities from cyber threats?

The first step to protecting facilities is for decision-makers to recognize and understand the current environment and related threats. With this knowledge, they can identify the systems and devices most vulnerable to cyber-attacks and prioritize them. Most threats come from the network and securing that is imperative in an industrial site.

Identifying the early warning signs is key. This includes knowing which systems and servers are vulnerable to threats and determining whether the proper access controls are in place. Rockwell Automation offers a range of solutions that install and configure firewalls, intrusion prevention systems (IPS), anti-virus, application whitelisting, and endpoint hardening.

Industrial executives must focus on building a robust industrial cybersecurity program that is resilient and defensible.

Key areas for developing a cybersecurity program include:

Establishing baselines: Organizations should identify and address vulnerabilities, threats, and residual security risks. They then need to define risk tolerance by working with leadership teams to identify acceptable levels of cyber risk. They must categorize and quantify how these risks could impact strategic business objectives and, in turn, define what needs to be protected and to what level.

Measuring risk: Organizations should institute a plan that continuously measures and reports on cybersecurity risk. This will help ensure businesses understand trends and unexpected anomalies.

Mitigating risk: Organizations need to implement remediation steps and extend enterprise risk management policies and processes to cover cybersecurity risk.

Developing an incident response plan: Organizations should formulate incident response plans, which allow them to organize and formalize the steps to address a cybersecurity incident and conduct regular tests of cross-functional response teams.

ABOUT ROCKWELL AUTOMATION

Rockwell Automation provides various solutions and services to enhance cybersecurity in industrial environments and helps industries secure their operations against cyber threats.

Their services include risk assessment and consulting; network security; secure system design; cybersecurity training; incident response support; regulatory compliance; patch management and updates; and project execution and management. For more information about Rockwell’s services, visit: www.rockwellautomation.com/en-us.html