The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?
A recent study from Siemens and the Ponemon Institute has shone a light on the cybersecurity issues threatening and affecting the utilities industry.
The firms surveyed 1726 utility professionals responsible for securing or overseeing cyber-risk in Operational Technology (OT) environments at electric utilities with gas, solar, wind assets, and water utilities throughout North America, Europe, Middle East, the Asia-Pacific region and Latin America.
The findings, detailed in the report Caught in the Crosshairs: Are Utilities Keeping Up with the Industrial Cyber Threat? outline the utility industry’s vulnerability to cyber-risk, readiness to address future attacks and provide advice on strategies for securing critical infrastructure.
Starting with threats, the research warned that risks appear to be worsening, highlighting key vulnerabilities in energy infrastructure that malicious actors seek to exploit. These include common security gaps that are created as utilities rely on digitalization to leverage data analytics, artificial intelligence and balance the grid with intermittent renewable energy and distributed power generation.
The report read: “The target of attacks has shifted toward OT. The majority of respondents agree that cyber-threats are a greater risk in the OT than the IT environment. Where past attacks primarily targeted data theft, current and future attacks can hijack control systems and logic controllers that operate critical infrastructure with the intent to cause physical damage and outages.”
More than half of those surveyed (56%) stated they had experienced at least one shutdown or operational data loss per year, and 64% claimed that defending against/dealing with sophisticated attacks is a top challenge: only 42% rated their cyber-readiness as high, and just 31% rated their readiness to respond to or contain a breach as high.
What’s more, 54% of respondents expect an attack on critical infrastructure in the next 12 months.
Commenting on the research, Randy Bell, director of the Atlantic Council Global Energy Center, said: “Increasing electrification across a range of sectors is a crucial piece in the decarbonization puzzle, but, as the Siemens and Ponemon Institute report documents, an increase in grid-connected infrastructure creates additional vulnerabilities to cyber-attacks. A devastating attack would not only harm the economy, but it could also slow down the rate of electrification.”
The report concluded: “Leaders within the utility industry need to allocate attention and resources to their cyber-defenses commensurate with the increased risk to their businesses.”
Siemens pointed to the following frameworks as key in improving cybersecurity for OT and the wider utilities industry: visibility into systems, skill sets for OT security and solutions that account for the interconnected nature of OT systems.
Siemens added that organizations need the ability to: keep up with changes in technology, business models, and attack modes, detect when an attack or other anomaly occurs and respond when an incident is detected.