ORIGINAL REPORTING: Designing A Cybersecure Power System
New power system cybersecurity architectures can be ‘vaults’ against insider attacks, analysts say; Layered, automated, deep defenses for growing distribution system vulnerabilities will be tested by an NREL-private partnership.
Herman K. Trabish, February 17, 2023 (Utility Dive)
Editor’s note: Threats and protections continue to grapple over the fate of the power system.
New utility cybersecurity strategies are needed to counter sophisticated intrusions now threatening the operations of an increasingly distributed power system’s widening attack surface, security analysts agree.
There are cyber vulnerabilities in “every piece of hardware and software” being added to the power system, the September 2022 Cybersecurity and Infrastructure Security Agency, or CISA, Strategic Plan 2023-25 for U.S. cybersecurity reported. Yet 2022 saw U.S. utilities propose $29.22 billion for hardware and software-dependent modernizations, the North Carolina Clean Energy Technology Center reported Feb. 1.
New hardware and software can allow malicious actors to have insider access through utilities’ firewalled internet technology to vital operations technology, cyber analysts said. “No amount of traditional security will block the insider threat to critical infrastructure,” said Erfan Ibrahim, CEO and founder of independent cybersecurity consultant The Bit Bazaar. “The mindset of trusted versus untrusted users must be replaced with a new zero trust paradigm with multiple levels of authentication and monitoring,” he added.
Growing “distribution system entry points” make “keeping hackers away from operations infrastructure almost unworkable,” agreed CEO Duncan Greatwood of cybersecurity provider Xage. But distributed resources can provide “resilience” if a distributed cybersecurity architecture “mirrors” the structure of the distribution system where they are growing to “contain and isolate intrusions before they spread to operations,” he said.
New multi-level cybersecurity designs can provide both rapid automated distributed protections for distributed resources and layers of protections for core assets, cybersecurity providers said. But the new strategies remain at the concept stage and many utilities remain unwilling to take on the costs and complexities of cybersecurity modernization, analysts said.
Critical infrastructure is already vulnerable to insider attacks. After the 2021 Colonial Pipeline shutdown, a 2019-2020 attack known as SUNBURST and directed against U.S. online corporate and government networks, and Russia’s 2015 shutdown of Ukraine’s power system, 14 of the 16 2021 ransomware attacks on U.S. “critical infrastructure” sectors, including the energy sector, the FBI reported. And new vulnerabilities allowed attacks that also caused data losses, disrupted network traffic, and even denial-of-service shutdowns, according to technological and research firm Gartner…