Utilities need to comprehend the new cyber risks involved with home-based work, such as social engineering attacks and less reliable internet connections, in order to set up baseline defenses accordingly and limit the consequences of cyberattacks.
Power utilities have become more prone to cyberattacks amid the COVID-19 pandemic as attackers have sought to benefit from the rush to remote systems and undermanned facilities. Utilities need to comprehend the new cyber risks involved with home-based work, such as social engineering attacks and less reliable internet connections, in order to set up baseline defenses accordingly and limit the consequences of cyberattacks, says GlobalData’s latest report, titled Thematic Research: Cybersecurity in Power.
The study reveals that utilities’ investment in cybersecurity – split across technology, services, and internal skills development – will only accelerate as they attempt to address challenges brought about by cyberattacks.
Sneha Susan Elias, Senior Power Analyst at GlobalData, comments: “Utilities’ existing systems are becoming increasingly connected through sensors and networks, and, due to their dispersed nature, are even more difficult to control. This potentially provides an opportunity for attackers to target the grid – similar to the attack in Ukraine in December 2015 where hackers attacked three power distribution companies in the country, temporarily disrupting the electricity supply.
“As utility infrastructures become more interconnected, smart and decentralized, a centralized approach to secure them is difficult, and will become increasingly untenable. Central monitoring and oversight is essential but not sufficient, as a central system cannot react quickly enough to threats – especially as control becomes fragmented across numerous systems such as microgrids. As a result, there will be a rising burden on edge elements and local systems to be resilient to cyberattacks, while also having the flexibility to support the resilience of the wider energy system in the case of a cyberattack on the electricity grid.”
Power grids are the main target for hackers and cyberattacks. Electricity grids depend on industrial control systems (ICS) to provide essential services, and if these systems are at risk of a cyberattack, that can pave the way for serious, catastrophic events. The growth in cyberwarfare and the rapid proliferation of smart and connected grid components mean that investment in cybersecurity will remain a top priority for utility IT departments. As a grid becomes smarter, it also becomes more vulnerable to attack, which can compromise critical infrastructure systems and disclose private user information.
Susan Elias continues: “Utilities need to develop a unified method for security that incorporates both physical and digital security, as well as covers the complete organization. Utilities should adopt cybersecurity measures that can correlate threats across transmission system operator (TSO) systems, industrial control systems (ICS) and operational technology (OT) systems. This is where the role of artificial intelligence (AI) and behavioral analytics, along with ubiquitous Internet of Things (IoT) data comes into play, providing support for the emergence of such solutions.”
An ongoing area of development will be AI analysis of behavioral biometric data. Sophisticated machine learning algorithms can build up a profile of a user’s typical behavior, identify unusual patterns of activity, and highlight potential threats in real time before they have a chance to materialize. Automatically detecting suspicious data makes the whole security process more efficient and removes the need for a painstaking manual review of log data. IoT, if it moves beyond point applications to encompass analytics and a holistic view of utilities’ infrastructure, could enhance aspects of security by helping to manage infrastructure more effectively and monitor unusual patterns.
Susan Elias adds: “The integration of AI with IoT will aid power utilities and security personnel in decreasing false alerts obtained from these systems, and lead to enhanced efficiency of the security teams.”