The mission of this group is to bring together utility professionals in the power industry who are in the thick of the digital utility transformation. 


You need to be a member of Energy Central to access some features and content. Please or register to continue.


The Year Ahead in Cyber Security

image credit: ID 93326260 © Vs1489 |

Although industrial control systems have been running critical infrastructure in the utility sector since the 1950s, they have experienced a “coming of age” when it comes to security in the past few years. Thanks to the adoption of IIoT, the convergence of IT and operational technology (OT) environments, and the increased targeting of these mission critical systems by rogue external parties, concern over OT threats have been propelled to the C-Suite risk agenda. What used to be isolated, air gapped “set and forget” OT networks have become ground zero for potentially debilitating cyber-attacks.

It is not all doom and gloom, however. Progressive utilities are well down the path of ensuring the full visibility, security and control of their environments. If fact, many organizations that must meet a minimum-security compliance level such as NERC, NIST and NIS have gone way beyond these basic directives. The markets have reacted quickly to this new threat vector and attack surface. And while OT environments are certainly not 100% secure, we are moving in the right direction.

Here are six security developments we can expect in the electric power industry this year.

1. ICS Security Goes Mainstream

As noted earlier, many utilities have already made investments to secure their OT infrastructure to the same or even a higher degree than their IT infrastructure. We expect this trend to continue in 2019. In addition, we predict it will extend beyond large organizations to midsize and smaller companies. Given the clear and present threat, industrial control system (ICS) security is no longer an early adopter segment and will become a mainstream requirement for every electric utility regardless of size.

2. Industrial Hacking Tools Will Be More Accessible

And that brings us to the adversaries responsible for ICS attacks. There is no question that many past attacks have been conducted by nation states, rogue factions and insiders. Going forward, we will likely see lone wolves and non-nation actors also launching attacks. The barriers to entry are lower, and with a little know-how OT-based attacks can be carried out by the general hacking community rather that being relegated to state sponsored cyber warfare initiatives.

3. More Sophisticated Attacks

In general, most of the attacks that we have seen to date were aimed at a single target or country. Attacks will continue to grow in sophistication and become multi-pronged, targeting multiple locations and sites simultaneously or in close succession. Utilities will need to consider this possibility and once again evolve their security posture accordingly.

4. Active Detection of Threats will be Needed

The previous prediction will not only push utilities to act, but also force them to address new threats in a more proactive way. Passive or “listen only” monitoring only looks at network traffic and will no longer be sufficient. Rather, Active Threat Hunting through safe device querying will become essential to gain the visibility, security and control necessary to protect against a new generation of threats. “Active” covers the 50% of threats that can’t be detected with network-only monitoring. Many OT security vendors are only now adding rudimentary active query capabilities.

5. OT Threat Intelligence will Increase

In the area of threat hunting, several other capabilities will be required to better identify, mitigate and report on new ICS threats. In the coming year we are likely to see a maturation of ICS threat intelligence. This includes the use of external security data feeds as well as integrating OT security technologies with SIEMs, next generation firewalls, etc. There will also be more sharing of information across communities such as OISF, which has been a mainstream practice for years in IT. It will be embraced by the OT community as a key way to more quickly identify threats and protect against new attacks that can impact ICS environments.

 6. New Standards for ICS Security

Finally, beyond NERC, we will see new ICS specific standards, guidelines and best practices for assessing and hardening the security of OT environments published and adopted.

This year and beyond, ICS threats will continue to escalate and evolve, so electric utilities will need to keep pace by implementing OT and ICS specific mechanisms for gaining visibility into threats, maintaining control over infrastructure changes and securing power generation and distribution systems.

Millie Gandelsman's picture

Thank Millie for the Post!

Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.


No discussions yet. Start a discussion below.

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »