As energy and utility companies undergo digital transformation, they face unique challenges when it comes to cybersecurity. Because they provide critical infrastructure services, they are very attractive to cybercriminals. The majority of the core functions of these organisations occur within their OT networks, which were once isolated from cyberattacks. But as IT and OT environments converge, OT devices are now being targeted by threat actors that are demanding ransom, stealing trade secrets and engaging in cyber warfare.
While these companies have similar vulnerabilities to those in other sectors, their expanded digital footprint across diverse supply chains, transportations and delivery systems increase their risk of falling victim to cyberattacks. What’s more, many of the traditional security tools that work in other sectors simply will not work in the OT environment.
When working to address this issue, it is important to understand just how widespread the challenge is – more than half of organisations have experienced a breach in their ICS or supervisory control and data acquisition (SCADA) systems. Because of the prevalence of these cyber risks, there are several solutions that leaders must put into place to defend against these complex cyber threats.
Four strategies for securing OT environments
The potential for a cyberattack on our energy and utility companies needs to be addressed by leaders in the industry and without a moment to spare. Lack of awareness, heightened focus on transformation without regard to security and a spending gap has all contributed to increased risk across these critical infrastructure environments. Fortunately, thanks to mounting awareness of these threats, cybersecurity is quickly becoming a top priority for most energy and utility companies.
The question is, what can cybersecurity teams do to quickly protect their OT environments? The answer boils down to four key strategies:
Zero Trust Network Access: All devices and all users must be scrutinised, logged and monitored for vulnerabilities. NAC solutions can investigate devices for context (who, what, where, when, how), tie them to policy, control access based on role and limit privileges to just those resources needed to do the job. Ongoing monitoring ensures devices comply with policy once they have been granted access.
Segmentation: When practicing a zero trust network access strategy, the assumption is that users, devices and apps may have already been compromised and countermeasures must already be in place. Dynamically segmenting these devices, apps and workflows acts, either at the point of access or when workflows and transactions are initiated, serves as a way to limit the impact of a breach.
ICS/SCADA security: Cybersecurity teams must identify and deploy security tools that have been created expressly for the energy and utilities sector – they should be able to meet the demands of ICS/SCADA environments, function without disrupting delicate OT systems and sensors, support common protocols and withstand the harsh physical conditions where they are often deployed.
Business analytics: Visibility is key. A proactive security posture that handles threats at speed is essential – it must be able to make use of advanced behavioural analytics to identify abnormal behaviour, quarantine offending devices and safely detonate threats so attacks won’t impact live operations.
Cyber threat actors and adversaries lurk everywhere, targeting energy and utility companies with a vengeance not commonly seen in other sectors. As guardians of our critical infrastructure – including energy grids, mining and drilling operations, refineries, energy transportation and pipelines and materials companies – the security teams who work in these organisations have an enormous challenge ahead of them. The four strategies outlined above are their building blocks for success in outmaneuvering cyber criminals seeking to harm our critical infrastructure.
Learn how Fortinet can help you extend security from your toughest ICS/SCADA locations to your network application, multi-cloud or edge environment.
By Rick Peters, Operational Technology Global Enablement Director at Fortinet