How to Secure the Modern Utility Grid - Tellemachus

Utilities are embracing modernisation efforts to increase efficiency and reliability and to enable renewable energy. But there’s another trend utilities must account for: cyber-attacks. Attacks in July of 2019 against the US and in December of 2015 against the Ukraine power grid proved that a cyber-attack can take utilities offline, endangering lives and incurring significant financial costs. Although utilities are at different stages of grid modernisation, they should always keep security as the top priority to reduce the risk of a cyber-attack. Below, we outline both the challenges and a three-prong approach to ensuring the safety of today’s utility grid.

Cybersecurity challenges for utilities

Utilities face several challenges when it comes to detecting and responding to cyber-attacks. The first is a lack of visibility. Operators can only stop malicious activity they can see, so they need to know what’s happening on the network. Currently, most control systems monitor the network, but they lack the visibility and insight that operators require to detect and stop a cyber-attack.

The second cybersecurity challenge is a lack of mitigation. It doesn’t do a whole lot of good to be able to see malicious activity if you can’t do anything about it. Utilities need technologies that enable them to stop cyber-attacks. This requires a variety of cybersecurity technologies working together seamlessly. And that brings us to a third challenge: the integration of these technologies to ensure effective and efficient incident response. If the various layers of security controls do not “talk” to each other smoothly and share data, then utilities will struggle with operational overhead.

A three-prong approach to securing utilities

Cisco takes a three-prong approach to securing utilities. It begins with Cisco Cyber Vision, which provides visibility of the network and edge intelligence. Cisco Cyber Vision allows operators to see East/West control system communications and device communications. It then performs deep packet inspection of control traffic to expose which devices are communicating with each other and why. It also establishes a baseline of the traffic and generates an alert if there’s an anomaly in or between control systems.

The second prong in Cisco’s approach to securing the utility grid is the implementation of defence in depth to mitigate attacks. Cisco has all of the network security equipment that comprises a defence-in-depth strategy. They also have a proven, holistic security architecture that covers the grid from the edge to the control centre and provides separation and segmentation to prevent attacks from entering through IT. These pre-validated integrations, known as Cisco Validated Designs, simplify deployment and operations while greatly reducing your risks and security operations cost.

Finally, a cybersecurity solution requires collaboration between the IT security and operations teams. Each team brings its own skills and experience to the table. The IT security team is typically savvy in cybersecurity and common defence and mitigation schemes. The OT team has insight into the protocols and processes of the operational network. A security program will be enormously successful if IT and OT work closely together, complementing each other’s knowledge, skills, and experience.

Organisations simply cannot modernise the utility grid without incorporating cybersecurity: it is a requirement for operating in the 21st century. Cyber-attacks are a proven threat. Therefore, cybersecurity must be a key component of a modernisation effort. This requires visibility, controls to mitigate attacks, and cooperation between IT and OT. Cisco has helped hundreds of utility organisations around the world implement this three-prong approach to cybersecurity and can help you, too.

Contact us to understand more about Cisco Grid Security validated design, or check out the Grid Security Design Guide.
