Connect with us

Hi, what are you looking for?

Tech & Science

US Federal government seeks to unpick hacks on utilities

Leaders in the utilities sector must navigate the complexities of volatility, decarbonization, digitalization, and regulatory changes.

California's power grid is struggling to cope with the huge demand for air conditioning during an extreme heat
California's power grid is struggling to cope with the huge demand for air conditioning during an extreme heat - Copyright AFP Frederic J. BROWN
California's power grid is struggling to cope with the huge demand for air conditioning during an extreme heat - Copyright AFP Frederic J. BROWN

The cyberthreats facing electric-power and gas companies include data theft, billing fraud, and ransomware. In addition, specific characteristics of the energy sector heighten the risk and impact of cyberthreats against utilities.

In terms of attacks on utilities, November 2023 saw a cybersecurity incident affecting General Electric (GE), the multinational technology giant with divisions across the power, renewable, and aerospace industries.

The company was forced to investigate claims of a cyberattack by threat actor IntelBroker. IntelBroker allegedly breached GE’s development environment. After failing to find a buyer for access to the breached systems, the threat actor has returned to the hacking forum to sell both network access and breached data. This alleged data includes DARPA-related military information and SQL files.

It was also in November that the U.S. federal government looked into a series of hacks against U.S. water facilities.

On this incident, Howard Goodman, Technical Director at Skybox Security, explains: “In light of the recent cyberattacks on U.S. water facilities, it’s become increasingly evident that business leaders must proactively anticipate cyber threats.”

How might utility providers achieve this? Goodman  recommends: “The merging of operational and information technology in utilities heightens vulnerabilities, widening the attack surface. Thus, achieving visibility into cybersecurity is critical for protecting infrastructure.”

Rogue states remain a major concern. In this case the finger points towards Iran. Goodman thinks: “As the federal government investigates these attacks, attributed to an Iranian government-linked group, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued recommendations for water utilities. These include updating passwords, enabling multi-factor authentication, and disconnecting critical control systems from the internet. Additionally, the White House has introduced a plan to fortify cybersecurity across the water sector, pushing for early threat detection and improved incident response.”

In drawing out an action plan, Goodman recommends: “Leaders in the utilities sector must navigate the complexities of volatility, decarbonization, digitalization, and regulatory changes. Understanding these dynamics is key to strengthening security measures.”

To effectively bridge the gap between operational technology and information technology, Goodman proposes that utility leaders should:

  • Enhance security posture management by adopting new technologies for early detection of cyber threats.
  • Implement automation for sustained compliance with cybersecurity best practices.
  • Foster a unified view across security and OT/IT with a comprehensive network model.
  • Break down silos to eliminate security blind spots within the organization.
  • Minimize downtime by optimizing remediation strategies, extending beyond traditional patching.

In summing up, Goodman assesses: “These steps are not just precautionary but necessary in fostering resilience against the backdrop of international cyber warfare and its implications for critical infrastructure sectors.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

Financial AI could be used for something other than destroying the world.  

Business

Asian markets stumbled out of the gates Monday, extending last week's grim start to the year.

Business

Vinfast is looking to expand overseas but has had a rocky start - Copyright AFP Patrick T. FALLONVietnamese carmaker VinFast said it will build...

World

Palestinian villager Ghadeer al-Atrash in front of her bulldozed home in Al-Walaja - Copyright AFP INDRANIL MUKHERJEEAnuj CHOPRADabbing away tears, Ghadeer al-Atrash stood before...