Utility companies confront security challenges daily, especially those related to securing the North American power grid. Increasingly, they’re responding by implementing comprehensive cyber security plans across their business networks and their generation, transmission and distribution systems.
From broad-based threats against corporate e-mail systems to targeted spear-phishing attacks aimed at nuclear operations, utilities face new challenges regularly. A focus area is the regular increase in vulnerabilities reported in the security of industrial control systems that monitor, control and manage the power grid, as noted by the Department of Homeland Security and the media.
New threats to both IT and operational systems are arising as a result of the increasing complexity and interconnectivity of the smart grid. Utility resources are also challenged to balance system reliability maintenance with implementing new technologies and meeting the requirements of increased regulation, oversight and compliance.
No wonder spending on cybersecurity for smart grid industrial control systems is expected to climb nearly 70 percent between 2012 and 2020 to $608 million, according to Pike Research, a part of Navigant’s energy practice. That figure would place cybersecurity spending behind only funding for distribution automation in terms of IT investment by utilities.
Breakthroughs in Cybersecurity
Consider what Lockheed Martin is doing to advance modern grid security in partnership with its utility clients. As a provider of IT and cyber security to some of the nation’s most critical systems, it has worked for years to protect itself and its clients against the newest and most sophisticated cyber attack attempts.
Lockheed Martin tracks more than 30 distinct adversarial groups and studies their tactics, techniques and procedures to determine how they evolve over time. It generates new detection capabilities, as well as intelligence management and workflow tools and technology. In the cybersecurity field, it connects the dots to allow security analysts to see the big picture and stay ahead of the threats.
Specifically, Lockheed Martin created an intelligence-driven defense process called the Cyber Kill Chain that enables information security professionals to predict and prevent advanced cyber threats. Here’s how it works. When the Cyber Kill Chain detects an attempted intrusion, it synthesizes the attack to see what would have happened if it had not been blocked. It then creates custom detections and mitigations for each discrete stage of the Cyber Kill Chain, so that it can continue to grow its security intelligence and successfully detect and block future attacks that continuously morph over time. This methodology allows the security team to stay ahead of evolving threats while increasing the adversaries’ cost and complexity for future attempted attacks.
The Cyber Kill Chain approach is being implemented by many companies that protect critical infrastructure, including numerous utilities. The key benefits of this approach include:
- Advancing risk-management strategies to improve decision making
- Assessing risk, in business context, to allow utility executives and boards to make decisions for mitigations and investments based on their specific risks
- Implementing security intelligence management to enable a proactive, intelligence-driven defense approach to cybersecurity
- Bolstering the training of the cybersecurity workforce
- Sharing actionable and relevant threat information quickly
- Establishing public-private partnerships to accelerate cybersecurity efforts for the grid
What’s Ahead in Utility Cybersecurity Trends
As for the latest trends in cybersecurity for the smart grid, Lockheed Martin and Pike Research consider these the most promising:
- Mobile security: As mobile devices become more ubiquitous for both corporate and engineering staffs, utility CIOs will balance the user preference and cost-saving potential of mobility and “bring your own device” programs with complete security programs for mobile computing.
- Improved security in devices: Grid equipment vendors are making strides to build security into their products and architectures, which will reduce the amount of after-market security that is currently being “bolted on.” Doing so will continue to improve the products entering the market and will help products in the market close the gap on vulnerabilities.
- Enhanced security visibility for control systems: Industrial control systems will continue to see new technologies that will enhance the system logging and monitoring functions available to security personnel. Technology will also provide enhanced behavioral analysis and whitelisting to ensure that only authorized commands and regular reporting are flowing through the control system networks in a fast, reliable and secure manner.
- Adoption of security intelligence methodologies: Leading utilities are adopting security intelligence management approaches, such as Lockheed Martin’s Cyber Kill Chain, that enable them to be predictive about threats targeting their organizations and systems. They do not have to rely on alarms from commercial-off-the-shelf products to tell them something is already happening in their environment.
- Continued focus on workforce education: Growing the number of skilled cybersecurity professionals available to the industry to meet current needs will require a comprehensive approach. This must include professional training for system operators, growth in cybersecurity programs offered by universities at all levels, and a sustained focus on STEM outreach to students from kindergarten all the way through high school. Industry must encourage students to pursue the engineering degrees required to meet workforce demands and address the current skills gap in the cybersecurity workforce.
It’s clear that the power grid will continue to face new and sophisticated threats as technology continues to evolve. To successfully meet this challenge, a comprehensive program and partnership is required. Utility personnel at all levels, the vendor community, security partners and educational institutions, working together, will continue to prove essential to the continued secure, reliable operations of the energy that powers our economy and our lives.
Rich Mahler is Senior Manager, Cyber Security Solutions at Lockheed Martin.