In 2016, the popular TV series “Mr. Robot” aired an explosive season finale that left viewers questioning the boundaries of what was possible with regard to cyberattacks. Could seemingly inconspicuous power devices really offer potential gateways, as they had in the episode, for hackers to gain access and manipulate a network?
In just a few short years since the show aired, the answer to that question has proven a definitive yes. The advancement of interconnectivity and IoT-enabled equipment has brought a variety of new benefits to the enterprise, including the ability to streamline operational efficiency by connecting devices like uninterruptible power systems (UPSs) and other power backup devices. However, with this enhanced connectivity comes the possibility of risk. Even HVAC systems can be susceptible if they’re not safeguarded.
As hackers modify their targets amid IT evolution, the ability to eliminate system vulnerabilities has never been more critical. In this article, we’ll offer guidance on implementing an end-to-end cybersecurity strategy that encompasses power management.
Connecting the dots
Because equipment has become so much smarter and more interconnected, new vulnerabilities persist, including some that may once have seemed like Hollywood fiction. Several trends are taking shape across the IT landscape that continue to push this megatrend forward and make power backup devices a necessary priority when it comes to cybersecurity.
Security issues have been on the rise as IT frameworks have become more connected and digitized. In a Fortinet survey regarding the security implications of the digital transformation, a total of 85 percent of CISOs reported that security concerns during digital transformation had a large business impact. This is especially true for companies lacking integration across their security solutions and complete visibility into user, system and network behavior. Software and power systems must work together to ensure a cohesive, seamless and layered protection solution for optimal network security against computer malware and other attacks.
Dynamics of the digital transformation have only intensified as many employees have shifted to remote work scenarios amid the pandemic, making information and computer security more critical, and the impact of downtime potentially more significant. Recent reporting from the International Criminal Police Organization (Interpol) revealed that cyberattacks have occurred at an alarming rate during the pandemic. Interpol reported that in a four-month period, 907,000 spam messages, 737 malware incidents and 48,000 malicious URLs related to COVID-19 were detected. As new opportunities for criminal activity emerge in our heavily online-dependent world, these findings underscore how important it is for businesses to take necessary steps to ensure their cybersecurity strategies are up to date.
An interconnected power grid
The U.S. electric grid is becoming more vulnerable to cyberattacks, largely due to industrial control systems and the rise of distributed resources, according to research from the U.S. Government Accountability Office. Another assessment determined multiple hacking groups have the capability to interfere with or disrupt power grids across the country, while the number of cyber-criminal operations targeting electricity and other utilities is on the rise.
Ultimately, while the risks posed by these developments are great, the right approach to cybersecurity can help mitigate threats. There are a number of measures that IT and cybersecurity leaders can take to ensure an effective level of security for their businesses and protect power systems.
A secure approach to power management
As connected options advance, enterprises must keep pace with industry developments to ensure products are compliant with certification standards. One critical advancement in this approach is the effort by global standards organizations to define processes and methods to certify products as secure across the expanding connected spectrum.
The global safety science organization UL has developed and published a standard, UL 2900-1, for software cybersecurity for network-connectable devices. The standard provides criteria and methods for evaluating and testing for vulnerabilities, software weaknesses and malware, as well as requirements regarding the presence of security risk controls in the architecture and design of a product. The International Electrotechnical Commission (IEC) has also released cybersecurity certifications such as ISA/IEC 62443 to give companies a resource to address security vulnerabilities in industrial automation and control systems.
Purchasing power management equipment that has been certified can give companies greater peace of mind as they look to advance and add new solutions to their network. Today, there are UPS network management cards available with UL 2900-1 and IEC 62443-4-2 certification. With built-in cybersecurity features, these solutions boast stronger encryption, configurable password policies and the use of CA- and PKI-signed certificates.
By pairing backup equipment with power management software, organizations can also install and update firmware in a timely manner to stay ahead of evolving cybersecurity threats. As new vulnerabilities are identified, businesses can work with their technology service providers to embed necessary patches or solutions. For example, when the Ripple20 vulnerabilities were recently identified in the Quadros stack, potentially billions of connected devices were exposed. Power management software allows mass updating to apply patches and remove this exposure quickly and at scale across the power chain.
Last but not least, enterprises should remember to consider physical security as part of their strategy when it comes to keeping power management equipment safe and secure. Taking measures to deploy smart security locks on IT racks, for example, can help to ensure that only authorized personnel have access to IT equipment.
As enterprises adopt new solutions to enhance their operations and differentiate from the competition, IT infrastructure will only become more interconnected. Thus, cybersecurity is going to be a continuous journey with industry standards evolving along with the methods attackers use to penetrate organizational defenses. By making a commitment to end-to-end cybersecurity in the midst of ongoing advancement, and with power management a part of that priority, enterprises can place themselves in the best position to avoid risks and save money down the road.