The cyberthreats facing electric-power and gas companies include data theft, billing fraud, and ransomware. In addition, specific characteristics of the energy sector heighten the risk and impact of cyberthreats against utilities.
In terms of attacks on utilities, November 2023 saw a cybersecurity incident affecting General Electric (GE), the multinational technology giant with divisions across the power, renewable, and aerospace industries.
The company was forced to investigate claims of a cyberattack by the threat actor IntelBroker, who allegedly breached GE’s development environment. After failing to find a buyer for access to the breached systems, the threat actor returned to the hacking forum to sell both network access and breached data. The data allegedly includes DARPA-related military information and SQL files.
It was also in November that the U.S. federal government looked into a series of hacks against U.S. water facilities.
On this incident, Howard Goodman, Technical Director at Skybox Security, explains: “In light of the recent cyberattacks on U.S. water facilities, it’s become increasingly evident that business leaders must proactively anticipate cyber threats.”
How might utility providers achieve this? Goodman recommends: “The merging of operational and information technology in utilities heightens vulnerabilities, widening the attack surface. Thus, achieving visibility into cybersecurity is critical for protecting infrastructure.”
Rogue states remain a major concern. In this case, the finger points towards Iran. Goodman says: “As the federal government investigates these attacks, attributed to an Iranian government-linked group, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued recommendations for water utilities. These include updating passwords, enabling multi-factor authentication, and disconnecting critical control systems from the internet. Additionally, the White House has introduced a plan to fortify cybersecurity across the water sector, pushing for early threat detection and improved incident response.”
In drawing up an action plan, Goodman recommends: “Leaders in the utilities sector must navigate the complexities of volatility, decarbonization, digitalization, and regulatory changes. Understanding these dynamics is key to strengthening security measures.”
To effectively bridge the gap between operational technology and information technology, Goodman proposes that utility leaders should:
- Enhance security posture management by adopting new technologies for early detection of cyber threats.
- Implement automation for sustained compliance with cybersecurity best practices.
- Foster a unified view across security and OT/IT with a comprehensive network model.
- Break down silos to eliminate security blind spots within the organization.
- Minimize downtime by optimizing remediation strategies, extending beyond traditional patching.
In summing up, Goodman assesses: “These steps are not just precautionary but necessary in fostering resilience against the backdrop of international cyber warfare and its implications for critical infrastructure sectors.”