Network Cybersecurity for New Threats to the Utilities

Over the past several years, the utilities sector has continued to modernize and digitize its operations at breakneck speed.

Utilities currently possess an abundance of new opportunities: from cloud-based networking to the automation of critical infrastructure with Industrial IoT (IIoT). But these opportunities also make the modern utility increasingly susceptible to cyber attacks.

Because utilities have critical infrastructure vital to the success of the American economy, they are more likely to face cyber threats from individuals, industrial espionage groups, terrorist organizations, and hostile states.

As Nils Ahrlich, Head of Strategy for Security and IoT at Nokia, explains: “Cybersecurity for connected utilities has become significantly larger and more complex.”

“At the same time,” he continues, “cyber attacks have become more organizationally sophisticated. Back in the day, cyber threats would often come from ‘lone-wolf’ types—individual hackers. But today, the majority of significant cyber attacks emerge from criminal enterprises. Within this criminal ecosystem, attacks are becoming far more advanced, disruptive, and harmful.” 

The Evolution of Cyber Attacks

From Ahrlich’s perspective, the growth in the number of these criminals and in their coordination has changed the nature of the threats. Today, utilities and other organizations face a barrage of advanced persistent threats (APTs) and distributed denial-of-service (DDoS) attacks, along with malware and ransomware attacks.

Ahrlich recently described the potential dangers posed by APTs in connection with a recent case involving one of Nokia’s Asian customers.

“A particular employee was the target of a spear-phishing attack,” Ahrlich related. “It was an employee with certain credentials the criminal needed. Once the attacker gained access to these credentials, they were able to collect data, change our customer’s network configurations, and eventually completely mop their network.” 

“Once they were able to place this malware ‘bomb’ on our customer’s critical systems, they took control of the network. Then, of course, came the ransom demand. We’re seeing this type of attack with greater and greater frequency with critical network providers.”

As the landscape of OT and IT cybersecurity in utilities has changed in recent years, Ahrlich sees an opportunity to coordinate the exponential growth in utilities’ connectivity and automation with advances in security.

“While utilities modernize and digitize to improve connectivity,” Ahrlich opines, “they must also modernize their cybersecurity. Both the technology and the processes need to change to comply with new standards.”

The largest opportunity for developing more advanced cybersecurity technologies and protocols will occur when cybersecurity teams in the utilities receive the tools they need to achieve their goals.

Defense-in-Depth and Layered Security for the Utilities

For Hansen Chan, Marketing Manager at Nokia, taking a defense-in-depth approach to cybersecurity will be necessary to mitigate all the risks to critical infrastructure.

“The goal,” Chan explains, “is to build cyber defenses aligned with a network’s operational capabilities. In order to do that, there are numerous things that need to be taken into consideration—technology, processes, and employees.”

Modern network security in the utilities deploys a three-layered framework with an application layer, service layer, and infrastructure layer. 

  • At the application layer, one finds utilities’ endpoint devices—their CCTVs, SCADA system, etc.—powering critical infrastructure applications.
  • Because these devices communicate, you need security at the service layer as well, within the different circuits or VPNs that connect remote devices to a utility’s data center.
  • Finally, there is the network layer, comprising IP/MPLS routers and optical and microwave transport, which requires security protocols and technology as well.

As Chan explains, the type of security deployed at each layer varies. “Endpoint security,” he says, “which is the focus of the application layer, is different from security at the network layer. Security at the network layer focuses more on data confidentiality, data integrity, and service/infrastructure availability.”

In order to embrace this approach to security, you need to think of your network not as unidimensional, but as a complex, multidimensional series of planes. You need to be able to visualize your network as three distinct planes:

  • Control Plane: Signaling and routing between different network elements
  • Data Plane: The plane that application and management traffic traverses
  • Management Plane: Where the management of the network occurs

These planes are based on the two technology pillars of modern network security: the network communications pillar and the network governance pillar.

The network communications pillar safeguards the data in your network, whereas the network governance pillar contains the network user profile, network assets and resource access, and configuration. 

The Human Element in Network Security

Both Ahrlich and Chan consider the human factor to be the most important factor in any network security technology deployed by the utilities sector.

Dealing with the human side of cybersecurity requires an extensive deployment of human resources to train your staff, as well as the establishment of clearance protocols.

As Ahrlich puts it: “The cybersecurity of your utility’s network is only as strong as staff who are given access to it. It is absolutely critical to regulate the number of staff with full access to the network, and control the access of users, administrators, engineers, and subcontractors.”

In the case mentioned earlier of the employee who unwittingly gave hackers access to his company’s utility network, this crisis may never have arisen if stricter access protocols had been implemented. 

“We cannot underestimate the vulnerabilities of the human users in network defense,” Hansen Chan explains. “You may have intelligent network security, but it will only ever be as smart as the humans who use it on a consistent basis.”

Holding regular training sessions with your employees on topics such as phishing emails and the many other methods cybercriminals use to gain access to your utility’s network goes a long way toward protecting it.

At Infinity Technology Solutions, with access to and expertise in the full portfolio of Nokia products, we have been helping the utilities sector grow their network capabilities and security for years.
