Welcome to the new Energy Central — same great community, now with a smoother experience. To login, use your Energy Central email and reset your password.

Home
Ronald Indeck
Ronald Indeck
 · Posted in Home

Interoperability: Necessary strategy for protecting critical control systems from cyber attacks

Electrical utilities are challenged more than ever by the possibility of offensive cyberattacks, as the recent compromises of critical infrastructure around the world shockingly highlight. These critical systems are often remote (in another town or a farmer’s field) and need to be managed by collecting and processing telemetry from the devices and delivering control to the devices. Given the distributed locations, an adversary will likely attack a utility using a cyber assault so that physical travel to each location is not required.  

Managers of these critical networks need a solution that can resist the best efforts of a rogue state and yet is both simple to install and easy to maintain.  An additional challenge is the need to ‘drop in’ to any control system as some critical infrastructure boasts state-of-the-art Operational Technology (OT) systems, while others have legacy systems that have been installed for years, or even decades.  Much of the existing OT infrastructure has lifetimes measured in years to decades, and most of the infrastructure it serves dates back even further than that.  In order to protect all of the devices and networks, not just some, finding a solution that works as well with the old as the new, regardless of manufacturer, age, configuration, even things that have seen their operating systems deprecated or software end-of-life passed may still be functional and remain in service. 

A big barrier to entry is that most security products today require a normalization of the network - patching the plethora of operating systems at risk, updating the myriad of devices with the various manufacturers’ newest code, even requiring a physical replacement.  While no one disputes doing these maintenance actions could make the network more secure, it ignores reality as many components may be aging if barely supportable, and updating the components may be too risky, if the patches even exist at all.  This approach takes time, can be quite costly, and rarely covers all the systems within the network leaving gaping holes through which an adversary can come in and cause a disruption or even an outage.

A different approach brings the necessary security to the network to create a secure network overlay that secures the control system network and prevents network intrusion.  While intrusion detection is important in an overall security strategy, putting in place as much intrusion prevention as possible is the best choice.  This solution can be fully interoperable and work with ALL devices regardless of their function age, origin, and configuration.  This approach enables protection of utilities anyplace on the globe, even those lacking sophisticated training and facing severely constrained budgets.  And this approach can work seamlessly with existing networks without replacing them, complicating them, or degrading their performance.  Instead, this can drop into a current network to create a cybersecure barrier that provides ultimate protection today.

And since most green energy implementations are remote – such as wind turbines placed offshore - leveraging public network infrastructure can be a cost-effective approach to monitoring and control but too insecure to use responsibly.  This approach can enable operators to securely use the economies and resilience of insecure public networks, including LTE, Wi-Fi, and the Internet.

Use Case: The National Power Grid

The good news is that there is a new class of solutions that can immediately lower the risk of cyberattack for utilities with an easy to drop-in, no-maintenance solution – hardware-based security solutions, or HardSec for short.

These solutions are provably secure as they are built with immutable hardware that cannot be changed or modified by accident or by criminal intent. By being hardware-only – literally running no software whatsoever - the implementation can be as easy as plug and play to create a secure network overlay. The endpoints need not be modified, as no agents or other applets need to be installed. Instead, the HardSec devices conduct the required cybersecurity tasks. This is especially important for older systems that may be fragile and burdening them with cybersecurity tasks can easily overwhelm them.

Likewise, the networks do not need to be modified as the overlay can be implemented on almost any network – from satellite to LTE to fiber or copper Internet connections. In fact, a HardSec solution can be strong enough to positively secure public networks and drop into private LTE networks so even remote utility resources can be controlled securely without the risk of malicious access through the network. And since the functionality is embedded in immutable hardware, these devices never need to be patched or updated… making them truly maintenance-free.

The new advanced install-and-forget HardSec solutions will protect well into the future as they can be classified as quantum compute-resistant. Yet most implementations can be installed quickly, protecting critical networks immediately. Finally, HardSec solutions can usually be included in the utility rate-base as plant investment. HardSec technology is already transforming the energy industry – and as a product that is owned and manufactured entirely in the United States – is finally providing our nation with superior security for our critical infrastructure.

Â