Published On: Fri, Apr 28th, 2017

Guarding against cyberattacks on the power grid

By Riaan Badenhorst, Managing Director, Kaspersky Lab Africa

When it comes to cybersecurity, the media spotlight falls predominantly on end-user
breaches. But imagine the consequences if hackers take down the electricity network
of a country. At Kaspersky Lab, we believe a shift in focus is required.

Power grids are incredibly complex networks that feature integrated automation and
control functions. And, because these communicate through open protocols, there is
not sufficient security built in to protect against increasingly sophisticated
cyberattacks. Industrial control system (ICS) environments form an integral part of
this industrial space. As such, these have become some of the most targeted areas
for malicious users in this sector.

A recent Ernst & Young survey has found that almost half of power and utilities
companies say it is unlikely that they would be able to detect a sophisticated
attack. This is quite concerning given how reliant the digital world has become on
the supply of reliable energy infrastructure.

Think back for a moment to the days of load-shedding in South Africa and how it
negatively affected productivity. Now imagine the potential of the power going
down across the country and not coming back online. Protecting these national assets
requires more than just a traditional IT security system or approach. It is not
about maintaining the integrity of sensitive corporate data, but rather about
ensuring the continuation of the process of supplying electricity.

Further complicating matters is the fact that ICS environments are often
significantly customised and filled with proprietary (and often legacy)
technologies. This makes it incredibly difficult to install a security solution that
can plug all the potential gaps in the system.

With electricity facilities becoming more connected, they are no longer managed in
closed systems. There is therefore a myriad of technical, infrastructural, and even
organisational challenges to overcome if the infrastructure is to be protected.

Enterprise-level cybersecurity systems are not capable of fulfilling the specific
requirements of electricity suppliers. Instead, an industrial-level solution that
secures every layer of infrastructure without impacting on the operational
continuity and consistency of the processes is required.

However, cyberthreats can bridge the gap between industrial and enterprise systems,
and it is becoming increasingly imperative to have a security solution that can
fulfil vastly different organisational requirements. Industrial operations therefore
need to work with a vendor capable of providing a full suite of complementary
solutions delivering protection on desktops, laptops, mobile devices, servers, and
databases, all the way through to ICS environments.

It is this integrated approach that will help ensure that the lights stay on in
times of crisis. Industry has moved beyond just meeting the security demands of
its sites and now needs to make sure the integrity of the entire infrastructure is
maintained. The alternative could be too significant to contemplate.
