Based on recent reports of Russian involvement in a multistage intrusion of the US power grid, it’s no longer a question of “if” threat actors will gain access to critical infrastructure control systems – it’s when it will happen again, and for what purpose.
What can be done to thwart these potentially disruptive assaults?
Cybersecurity threats to the power grid are a continuous danger nowadays, and because of this, regulation in North America may expand from covering bulk electricity carriers to low-impact carriers. Last month FERC, the U.S. Federal Energy Regulatory Commission, proposed a new rule for low-impact carriers, covering transient electronic devices such as USBs and laptops, and incident response policies.
While the regulation is still in the review stage, some low-impact utilities are not waiting to improve their cybersecurity posture and get a head start on compliance. They are taking advantage of the latest innovation for cyber threat monitoring and detection systems. Vermont Electric Coop is one such entity, and they have realized multiple benefits from their proactive approach.
One of the findings of the recent SANS report “Securing Industrial Control Systems – 2017” is that the number one technology industrial organizations are looking to implement over the next 18 months is intrusion detection.
Up until recently, detecting anomalies on ICS networks that might be caused by a cyberattack has been ”mission impossible.” That’s because such networks typically include equipment from a wide assortment of vendors, run thousands of real-time processes and generate huge volumes of data. Analyzing and monitoring this data to detect anomalies was very difficult.
The good news is that a new generation of ICS cybersecurity tool is available for industrial intrusion detection. This article describes how our product, SCADAguardian does it, and gives an example of how it would detect and counter a cyberattack on a regional control center of an electric power utility.