Utilities have become a target for cybercriminals, including terrorists acting in the interest of foreign nation-states. A cyberattack could cripple entire cities in the U.S. by hijacking or shutting down oil and gas refineries, water treatment facilities, or the power grid.
The report Caught in the Crosshairs: Are Utilities Keeping Up with the Industrial Cyber Threat? examines the risks that operational technologies (OTs) in the utility industry are exposed to. The study shows that digital transformation of the industry has exposed utility companies, their assets, and data to more threats.
To protect our nation’s vital resources, utilities need to explore new options for protecting mission-critical data, mitigating DDoS attacks and keeping their networks secure. Encrypted wavelength is a security solution that can defend critical energy production and transmission sites from cyberattacks while maintaining low latency for optimal network performance. Internet access with DDoS protection can help reduce the threat of disruption to a utility’s operations. Some utilities may also benefit from working with a trusted partner who can ensure that network equipment and firewalls are patched properly, avoiding the kind of attack that hit a Utah-based power company last year, as reported by SC Magazine.
The threat of terrorist attacks on utility companies is real. According to Caught in the Crosshairs, more than half of respondents reported at least one attack in the past 12 months that resulted in either the loss of sensitive information or an outage. A quarter of respondents reported experiencing a “mega attack” that exhibited the sophistication of a nation-state.
In 2019, The Wall Street Journal reported that over a dozen cyberattacks against electric utilities in the U.S. occurred that year. These attacks have been attributed to LookBack malware and are being investigated by the FBI. The targets of these attacks included a utility company located in the Northeast region of the U.S.
The Government Accountability Office (GAO) issued a report stating that the U.S. electrical grid is exposed to major threats from nations, criminal groups, and terrorists. The report pinpointed industrial control systems (ICS) as a vulnerability, along with IoT devices and GPS systems.
Utilities have many points of vulnerability because of critical assets located in the field at remote sites. Information must be transmitted from energy generation sites to the utility’s headquarters, as well as to and from locations where energy is being distributed for consumption. Electrical utilities are also relying more on geographically dispersed alternative energy sources, such as wind farms and solar panel arrays.
Remote access points, office telecommunications, and the IoT devices used in the field and by residential and business customers all transmit data, creating opportunities for a breach. Information can be intercepted, corrupted, or stolen by bad actors at any point during transmission between sites.
Protecting data in transit from cyberterrorism presents a challenge for utility companies. Encryption technologies often add latency to networks, but with encrypted wavelength, utilities can have a layer 1 solution that provides the security they need without sacrificing network performance.
Internet access with DDoS protection means that utilities can be protected and attacks quarantined, with attack traffic routed away from the utility’s network so that normal operations can continue during an attack.
Whether big or small, utility companies face the same challenges when it comes to IT teams that are stretched thin. Working with a trusted partner for critical tasks like managing and updating network firewalls or other edge devices can help minimize the risk of leaving network equipment vulnerable to hackers by making sure the network is updated, secure and optimized.