Although industrial control systems have been running critical infrastructure in the utility sector since the 1950s, they have experienced a “coming of age” when it comes to security in the past few years. Thanks to the adoption of IIoT, the convergence of IT and operational technology (OT) environments, and the increased targeting of these mission-critical systems by rogue external parties, concern over OT threats has been propelled to the C-Suite risk agenda. What used to be isolated, air-gapped “set and forget” OT networks have become ground zero for potentially debilitating cyber-attacks.
It is not all doom and gloom, however. Progressive utilities are well down the path of ensuring the full visibility, security and control of their environments. In fact, many organizations that must meet a minimum security compliance level such as NERC, NIST and NIS have gone way beyond these basic directives. The markets have reacted quickly to this new threat vector and attack surface. And while OT environments are certainly not 100% secure, we are moving in the right direction.
Here are six security developments we can expect in the electric power industry this year.
1. ICS Security Goes Mainstream
As noted earlier, many utilities have already made investments to secure their OT infrastructure to the same or even a higher degree than their IT infrastructure. We expect this trend to continue in 2019. In addition, we predict it will extend beyond large organizations to midsize and smaller companies. Given the clear and present threat, industrial control system (ICS) security is no longer an early adopter segment and will become a mainstream requirement for every electric utility regardless of size.
2. Industrial Hacking Tools Will Be More Accessible
And that brings us to the adversaries responsible for ICS attacks. There is no question that many past attacks have been conducted by nation states, rogue factions and insiders. Going forward, we will likely see lone wolves and non-nation actors also launching attacks. The barriers to entry are lower, and with a little know-how OT-based attacks can be carried out by the general hacking community rather than being relegated to state-sponsored cyber warfare initiatives.
3. More Sophisticated Attacks
In general, most of the attacks that we have seen to date were aimed at a single target or country. Attacks will continue to grow in sophistication and become multi-pronged, targeting multiple locations and sites simultaneously or in close succession. Utilities will need to consider this possibility and once again evolve their security posture accordingly.
4. Active Detection of Threats Will Be Needed
The previous prediction will not only push utilities to act, but also force them to address new threats in a more proactive way. Passive or “listen only” monitoring only looks at network traffic and will no longer be sufficient. Rather, Active Threat Hunting through safe device querying will become essential to gain the visibility, security and control necessary to protect against a new generation of threats. “Active” covers the 50% of threats that can’t be detected with network-only monitoring. Many OT security vendors are only now adding rudimentary active query capabilities.
5. OT Threat Intelligence Will Increase
In the area of threat hunting, several other capabilities will be required to better identify, mitigate and report on new ICS threats. In the coming year we are likely to see a maturation of ICS threat intelligence. This includes the use of external security data feeds as well as integrating OT security technologies with SIEMs, next-generation firewalls, etc. There will also be more sharing of information across communities such as OISF, which has been a mainstream practice for years in IT. It will be embraced by the OT community as a key way to more quickly identify threats and protect against new attacks that can impact ICS environments.
6. New Standards for ICS Security
Finally, beyond NERC, we will see new ICS-specific standards, guidelines and best practices for assessing and hardening the security of OT environments published and adopted.
This year and beyond, ICS threats will continue to escalate and evolve, so electric utilities will need to keep pace by implementing OT- and ICS-specific mechanisms for gaining visibility into threats, maintaining control over infrastructure changes and securing power generation and distribution systems.