By Bindu Sundaresan
Disruption of service. Are there three more frightening words for utility providers? At best, it can mean a minor inconvenience for some. At its worst, it can be a public safety issue that threatens the well-being of many.
That responsibility clearly doesn’t fall on deaf ears. That is why heavy investments into operational stability and safety are so common among utility companies. Redundancies are built into their systems at every corner to help mitigate dangerous downtime. However, the number of corners continues to grow.
The Internet of things and smart grids continue to bring about change for utility providers worldwide, but they also create potential for threats to utility infrastructure. The growing convergence of systems and technology in the utility sector is at the heart of it all, where information technology, operational technology and consumer data intersect to create attractive opportunities for hackers.
In a recent survey by Ernst and Young, 89 percent of utility and power executives feel their current cybersecurity posture doesn’t fully meet their organizations’ needs.
The opportunity for cyberattacks to infiltrate utility delivery is unprecedented. Attacks are getting more varied and more common. It is hard to remain confident when the unrelenting wave of even relatively minor threats means an organization could be just one employee’s mouse click from bringing operations to a halt.
In AT&T’s fifth Cybersecurity Insights Report, “The CEO’s Guide to Data Security,” we discuss the need to take innovative approaches to cybersecurity. Being innovative in cybersecurity means being agile, responsive and adaptable while effectively using the technology enabling that approach. Cybersecurity will forever remain a moving target, which means stagnant security strategies will always be the most vulnerable.
For the utility sector, the rapid integration of new and legacy systems amplifies the need to keep pace with the changes. Take a step back to assess whether or not your organization is truly ready to tackle cybersecurity challenges in today’s volatile environment. Following are four key places to start.
Establish Full Organizational Alignment
In a world where an estimated 90 percent of breaches are caused by employee error, building a culture where cybersecurity isn’t just lip service is a fundamental part of an effective cybersecurity strategy.
An engaged leadership team that fully understands the stakes will make the resource commitment necessary to devise strategies to educate the employee base and keep the organization safe, and they will be more inclined to invest in the right tools to execute on those plans.
Once leadership is on board, it is easier for the message to flow throughout the organization. That’s important because getting everyone to view every decision and action through a cybersecurity lens takes a considerable amount of effort, particularly with large swaths of employees manning the frontlines at facilities and working offsite. Employee turnover and attrition mean it never stops.
It is no longer accurate to equate data analytics with future technology. Any cybersecurity strategy without an analytics piece is woefully incomplete.
Data science in cybersecurity has come a long way in a short time. What used to be an exercise in sorting through thousands of false positives for a single legitimate threat has turned into highly accurate threat analytics systems built on ongoing machine learning. It’s literally getting better every day.
Threat analytics programs can flag behavioral changes in devices, services and end users accessing systems or applications on the network. The growing wealth of data moving through operational and information technology networks is a huge boon for capturing and recognizing these changes and irregularities in patterns that are often predictable.
Create a Full Breach Response Plan
Prevention is the goal of cybersecurity, but in today’s world, it’s becoming harder to find organizations that can say they haven’t been a victim.
A successful breach in the utility sector can be catastrophic if operations are affected. Chances are, plans are already in place for unplanned downtime, so it’s important to re-evaluate those plans to see whether they can be further tailored to address a cyberattack.
A full breach response plan not only covers operations, but also employee communications, external communications and, of course, regulatory concerns. It’s not enough to have the plan. Regular exercises help all key players know their roles during a breach and where holes in the plan exist.
Identify the Expertise You Lack, and Find It
If you have holes in any of the previously discussed areas or other essential areas, it is important to fill them. For many organizations in the utility sector, those answers are hard to find from within. If that’s the case, recognize that it is imperative to have trusted alliances that expand your capabilities.
The world of cybersecurity is dynamic in so many ways and contains nuances that change drastically with each technology innovation. Unless there are dedicated teams on staff, it is unrealistic to think that anyone could keep up with every movement and trend in the cybersecurity space.
There are a few ways to go about this. Outside of bringing on the expertise full time, you can also engage third parties to guide you through the complexities and bring you new ideas. Fresh thinking can help you look at your own systems in ways you haven’t before.
To borrow a phrase, the only constant in cybersecurity is change. For utility providers, not being in a position to react swiftly in response to those changes means much more than turning out the lights.