Stay safe

Edgard Capdevielle addresses the cyber security concerns of the energy sector

The nation’s critical infrastructure is of vital importance to our society and economy as it provides essential services for industries – from manufacturing to transportation, energy, oil and gas.

When looking at Energy particularly, any deficiency or disruption to the power supply will have an enormous impact on society.

The rise of smart grids and devices has seen the sector become increasingly vulnerable to cyberattacks. The Ukraine power grid outage in 2015, which affected 225,000 people, serves as an example of the potential impact of cyberattacks to the electricity subsector. However, it’s not just malicious individuals that cause outages as many cyber threats, from weak passwords to open ports, whether caused intentionally or as the result of unintentional mistakes, can all negatively impact reliability.

To protect reliability, energy providers need to stay up-todate with both cybersecurity challenges and the methods available to monitor and mitigate threats.

Increase in cybersecurity concerns
There are very real concerns that the damage from cyber threats could cross over to the physical world resulting in equipment failure, power outages or even causing fires and perhaps explosions within affected plants. According to the World Energy Council, energy companies have seen a massive increase in the number of successful cyberattacks over the past few years. It urges its members to consider cyber risks beyond energy security alone and to address the need to maintain resilient states and economies.

It’s not alone as, according to the SANS 2016 State of ICS Security Survey, companies feel that their control systems are more threatened than a year ago. Twenty four per cent of respondents had moved from a moderate or low threat-level perception to high or even severe/critical levels.

Looking at the top three threat vectors respondents felt the greatest was from external threats (61 per cent), with internal or unintentional threats second (42 per cent), and third from malware spreading across the infrastructure indiscriminately (41 per cent).

Rather worryingly, the SANS survey also found that security for ICS had not improved in many areas and, instead, many problems identified as high-priority concerns in past surveys remain as prevalent as ever. There is a real need for critical infrastructure owners, hardware vendors, information security experts and government officials to work together to create industry security programs that improve cyber resiliency and ultimately keep everyone safe.

Creating cyber resilient systems
To truly ensure reliability, cybersecurity teams need to consider how new advanced technologies can help them take a step toward safer and more reliable critical infrastructure.

For example, solutions are now available that use Machine Learning and Artificial Intelligence to quickly learn and model the large, heterogenous Industrial Control Systems (ICS) used to run energy systems. This overcomes the challenges of dealing with the complexities of these systems, which make it virtually impossible for humans to track manually and identify the signs of compromise or irregularities that cyber attackers or unintentional threats leave.

These powerful solutions can monitor networks, in real-time, and rapidly detect any changes from baseline behaviour:

• Machine Learning is used to automatically discover, in real-time, the industrial network including its components, connections and topology.
• This is then supplemented with SS advanced learning capabilities (AI) to develop process and security profiles, mapping relationships and changes

The powerful combination of ML and AI offers operational efficiency benefits by consolidating high volumes of alerts into context-aware incidents. To do this manually, if it were even possible, would require many highly trained individuals, something the security sector doesn’t have with the current skills shortage.

By baselining the devices on the network, and how they impact process behaviour, any malfunctions, misconfigurations and irregularities can be quickly spotted, preventing frustrating service disruptions and even expensive repairs or loss of revenue.

This intelligence can also speed up investigations of incidents to contain attacks before significant damage can occur, without needing to add additional skilled staff.

While it’s true to say that the energy industry has been more progressive and proactive about cyber security than some other sectors, there is always room for improvements and innovation.

The critical role that the energy, oil and gas sectors play in the functioning of today’s economy and the rise of digitalisations of those sectors means leaving them exposed is not an option. Innovations, such as Machine Learning and Artificial Intelligence, can enhance cyber-attack detection and help companies leverage technologies to gain efficiencies in their industrial process cybersecurity programmes, as well as speeding the investigation of incidents to contain attacks before significant damage can occur.

This must be the goal for everyone concerned.

Nozomi Networks
Edgard Capdevielle is CEO of Nozomi Networks. Nozomi Networks has been revolutionising ICS cybersecurity and enabling operational visibility for industrial control systems (ICS) since 2013. Deployed in some of the world’s largest industrial installations, its solution delivers industrial network visualisation, asset management, vulnerability assessment and both process anomaly and intrusion detection. The results are simple: enhanced cybersecurity, maximised uptime and real ROI. Nozomi Networks is headquartered in San Francisco, California, and Mendrisio, Switzerland.

For further information please visit: nozominetworks.com