The U.S. utility industry is one of the most important industries in the country and provides water, sewage, energy, and other basic services to the public. This sector employs more than 500,000 people and has a market value of $1.5 trillion. However, utility companies are extremely vulnerable when it comes to security. The sector is a prime candidate for cyberattacks, as well as physical attacks. As our cities become smarter, the pressure on the nation’s energy grid increases and utility security risks become more serious. Utility companies must remain aware of and responsive to industry-wide concerns in order to mitigate these threats and keep the nation’s grid secure with advanced technologies and utility surveillance systems. Properly crafted critical infrastructure surveillance also aids in the prevention of theft and other unwanted activity.
Securing The Nation’s Utility Sector
The utility sector presents a unique security challenge because its physical infrastructure is intertwined with the virtual systems being used to automate processes and provide security. This interdependence is called physical-cyber convergence, and it creates security risks across the utility industry. A disruption to one part of these systems could very well affect the other, causing loss of power, destruction of equipment, and damage to devices throughout the grid. When considering the problems they will need to address, utility companies should focus on five key areas of risk:
Risk #1 – Securing Critical Infrastructure And The Grid
The critical infrastructure that makes up the energy sector keeps the nation’s lights on and plays a vital role in our economy. However, our energy and utility infrastructures are experiencing a shift toward the use of smart technologies, which often creates new utility security risks within the sector. Aging operational technologies (such as Industrial Control Systems and SCADA) are prime targets for criminals as they are connected to wider networks. Ransomware, malware, and attack campaigns by savvy cybercrime groups could easily cause mass outages of the nation’s grid. Experts within the field estimate that some components of the country’s energy grid are more than a century old – twice their usable life expectancy of 50 years. As this old infrastructure wears out, it becomes vulnerable to digital threats, especially if the aging technology is being linked to advanced technology without proper upgrades. This means that there may not be much standing between the grid and a crisis.
Risk #2 – IoT And Cyber-Physical Attacks
In the past several years, cyber threats to utility providers have grown in number and sophistication. One of the key reasons for this spike in cyberattacks is the increase in the use of internet-enabled devices and wireless sensor networks by energy and utility providers. Traditional energy systems are based on the use of cyber-physical systems, but advances in technology have introduced the Internet of Things (IoT) and the idea of controlling physical systems through digital methods. Mobile apps have become popular with energy providers, which presents unique utility security risks across the sector. These risks include espionage, data breaches, vandalism, physical damage, and data tampering. As a result of the increased use of these wireless data connection systems, utility providers must adapt their security measures and upgrade systems accordingly.
Risk #3 – Automation, AI, And Privacy
Advances in technology are being used by the energy sector to streamline processes and operations. These advances include cloud computing, big data, robotics, and artificial intelligence (AI). Such automation certainly creates more efficient procedures, but it also brings about new security and privacy concerns as AI captures sensitive personal information to build optimized systems. The aggregation of all the data collected means new concerns in terms of privacy and requires utility providers to guard against data breaches and cyberattacks in order to protect consumers.
Risk #4 – Security Skills Shortage And Employee Training
Utility companies have been in operation for decades and are part of a well-established, traditional industrial sector. Their daily operations included minimal security, but now – with the increase in cyber threats around the globe – they must adapt to an increasingly complicated technology environment that necessitates increased security measures. As the industry changes, utility operators must acknowledge the need for different security teams and be willing to invest in the training of employees to guard against phishing attempts or other insider threats that could derail operations and affect the grid.
Risk #5 – Securing The Supply Chain
The increasing use of connected services within the supply chain has complicated the delivery and receipt of products across the nation. Utility providers are especially vulnerable to cyberattacks within the supply chain and need to be aware of the unique threats up and down the chain. These threats include the disruption of services provided by power plants and clean energy generators after a ransomware attack; a large-scale disruption of power to customers through a cyberattack that remotely disconnects services; the disruption of substations leading to regional loss of services; and the theft of customer information over an unsecured network.
Mitigating Utility Security Risks
The cost of upgrading outdated technology is prohibitive to many operators, but the outdated technologies being used have led to security breaches for many utility companies. As utility providers increase their use of technology to automate operational processes, they must keep in mind the importance of putting in place digital defense measures to mitigate utility security risks and invest in the training of all employees to ensure cyber security breaches do not occur. At the same time, it’s worth investing in physical security measures to maintain the integrity of the nation’s energy grid and connected networks. Good physical security at utility sites can help ensure the integrity of sensitive areas such as data centers and substations. By paying attention to both the physical and cyber security measures they have put in place, utility operators can guarantee the security of their data as well as the integrity of the nation’s energy grid.
Brent Canfield, CEO and Creator of SentryPODS
Brent Canfield, CEO and founder of Smart Digital and SentryPODS, founded Smart Digital in 2007 after completing a nine-year active-duty career with the United States Marine Corps. During the 2016 election cycle, he provided executive protection for Dr. Ben Carson. He has also authored articles for Security Info Watch.