The electricity sector is in the midst of a fundamental cultural change with respect to cybersecurity. While the electricity sector has been the only critical infrastructure sector that has had mandatory and enforceable cybersecurity standards to date, this minimum level of protection is not enough to battle the continuous onslaught of malicious code and targeted attacks against IT and Industrial Control Systems (ICS). The comprehensive “baseline of security” found within the NERC Critical Infrastructure Protection Standards is necessary to ensure that we are all speaking the same language. These mandatory standards, while minimal, provide awareness and basic security precautions for utilities. However, cybersecurity professionals are hungry for a strategic advantage to battle new denial of service attacks and unauthorized access to systems. Industry has started to focus its efforts on combating the issue head-on through timely cyber threat intelligence. Large utilities with the manpower and resources to address this initiative are changing the security model from reactive to proactive. If you understand your adversaries’ tactics, intent and capabilities, you can develop strategies to combat their attacks and better plan for future threats. Better, more proactive security can be achieved through information sharing agreements and partnerships with other utilities, regulatory agencies and intelligence partners.
The electricity sector, along with other energy sector partners such as the oil and natural gas sector and the chemical sector, is already drowning in cybersecurity information overload. Raw, unfiltered data feeds, typically from third-party companies, provide information regarding harmful IP addresses and other details such as the installation of viruses or disruptive software. This mountain of data, while useful in theory, is oftentimes overwhelming and needlessly sounds alarm bells. Many utilities do not have the dedicated resources to dissect and aggregate this data and are thus unable to react appropriately, or wind up drawing inaccurate conclusions. As a result, the electricity sector is demanding more access from regulators and federal partners to actionable intelligence and threat streams. With this added intelligence, utilities can better pinpoint threats to specific systems and focus efforts on system recovery and restoration. This will undoubtedly drive better, more informed responses to security incidents.