Utilities have become a target for cybercriminals, including terrorists acting in the interest of foreign nation-states. A cyberattack could cripple entire cities in the U.S. by hijacking or shutting down oil and gas refineries, water treatment facilities, or the power grid.
The report Caught in the Crosshairs: Are Utilities Keeping Up with the Industrial Cyber Threat? examines the risks that operational technologies (OTs) in the utility industry are exposed to. The study shows that digital transformation of the industry has exposed utility companies, their assets, and data to more threats.
To protect our nation’s vital resources, utilities need to explore new options for protecting mission-critical data, mitigating DDoS attacks and keeping their networks secure. . Encrypted wavelength is a security solution that can defend critical energy production and transmission sites from cyberattacks while maintaining low latency for optimal network performance. Internet access with DDoS protection can help reduce the threat of disruption of a utility’s operations. Some utilities may also benefit from working with a trusted partner who can ensure that network equipment and firewalls are patched properly, avoiding the kind of attack like the one that occurred to a Utah-based power company last year as was reported here by SC Magazine.
The Utility Risk Landscape
The threat of terrorist attacks on utility companies is real. According to Caught in the Crosshairs, more than half of respondents reported at least one attack in the past 12 months that resulted in either the loss of sensitive information or an outage. A quarter of respondents reported experiencing a “mega attack” that exhibited the sophistication of a nation-state.
In 2019, The Wall Street Journal reported that over a dozen cyberattacks against electric utilities in the U.S occurred in that year. These attacks have been attributed to LookBack malware and are being investigated by the FBI. The targets of these attacks included a utility company located in the Northeast region of the U.S.
Chinks in the Armor of Utility Companies
The Government Accountability Office (GAO) issued a report stating that the U.S. electrical grid is exposed to major threats from nations, criminal groups, and terrorists. The report pinpointed industrial control systems (ICS) as a vulnerability, along with IoT devices and GPS systems.
Utilities have many points of vulnerability because of critical assets located in the field at remote sites. Information must be transmitted from energy generation sites to the utility’s headquarters, as well as to and from locations where energy is being distributed for consumption. Electrical utilities are also relying more on geographically dispersed alternative energy sources, such as windfarms and solar panel arrays.
Remote access points, office telecommunications, and the IoT devices used in the field and by residential and business customers all transmit data, creating opportunities for a breach. Information can be intercepted, corrupted, or stolen by bad actors at any point during transmission between sites.
Slaying the Cyberattack Dragon
Protecting data in transit from cyberterrorism presents a challenge for utility companies. Encryption technologies often add latency to networks, but with encrypted wavelength, utilities can have a layer 1 solution that provides the security they need without the sacrifice of network performance.
Internet access with DDoS protection means that attacks on utilities can be protected and quarantined, ensuring that traffic gets routed away from the Utility’s network so that normal operations can continue during an attack.
Whether big or small, utility companies face the same challenges when it comes to IT teams that are stretched thin. Working with a trusted partner for critical tasks like managing and updating network firewalls or other edge devices can help minimize the risk of leaving network equipment vulnerable to hackers by making sure the network is updated, secure and optimized.
Three Ways to Enhance Security for Utility Companies
- FirstLight offers offer encryption technology for low-latency, wire-speed encryption. Our solution protects utilities against bad actors who want to disrupt the U.S. power grid. We have 10G and 100G options, meet Federal Information Processing Standards (FIPS) compliance, and use best practices for encryption, making us an ideal network security provider for companies in the utility industry.
- FirstLight also offers a DDoS protection solution that monitors for anomalous traffic and segregates that traffic away from the utility’s network, a type protection that a stand-alone firewall cannot readily accomplish.
- FirstLight was chosen as a Top 10 Cisco Consulting Company by Enterprise Magazine because of our Cisco expertise and capabilities. Working with FirstLight to manage a utility’s critical network devices can help ensure a focus on security while still ensuring that networks are optimized for the kind of performance that utility companies need to keep delivering the critical services our nation depends on.