Strengthening the Energy Sector’s Cyber Preparedness

The reality is that threats continue to outrun the sector’s security evolution, primarily because organizations are increasingly connecting operational technology, such as supervisory control and data acquisition systems and industrial control systems, to their information technology networks.

The Department of Energy (DOE) in March 2018 released a 52-page report outlining its multiyear strategy to improve cybersecurity. In the report’s introduction, Assistant Secretary Bruce J. Walker noted that bad actors are increasingly targeting critical operations.

News broke that same month—through an alert issued by the Department of Homeland Security (DHS) and the FBI—that Russian government hackers had been targeting the energy sector with a “multistage intrusion campaign” since 2016. In fact, according to the DOE report, the largest percentage of cyber incidents reported to the DHS’s Industrial Control Systems Cyber Emergency Response Team came from the energy sector during the 3 years prior.

The DOE’s sense of urgency with regard to cybersecurity operations and maintenance is warranted. It represents part of increasing public awareness, evidenced by upticks in media coverage and funding for operational technology (OT)-focused cyber companies, about the growing threat landscape. To that end, the report declared three key priorities: strengthening preparedness through information-sharing and risk management; improving incident response; and accelerating research and development (R&D), with the DOE announcing $25 million in research and development funding the month after publishing its multiyear plan.

But the reality is that threats continue to outrun the energy sector’s security evolution, primarily because organizations are increasingly connecting OT, such as supervisory control and data acquisition systems and industrial control systems (ICS), to their information technology (IT) networks. While such innovation can translate to cost savings, improved functionality, and new big-data insights for energy organizations, many OT systems weren’t designed to be connected to the Internet. The blurred boundary between OT and IT also translates to a larger attack surface. Bad actors can disrupt critical infrastructure simply by targeting users with trusted access to sensitive information.

Securing the Boundary

In order for the energy sector to continue evolving its cyber readiness, organizations that are blurring the lines between IT and OT need to embrace a cross-domain solution to keep the two networks separate and safe. In 2017, the energy sector had the largest number of ICS vulnerabilities, according to a Kaspersky Lab report. Indeed, the DOE acknowledged that bi-directional, real-time, machine-to-machine preparedness—or cross-domain security—is a core component of the report’s first priority.

A cross-domain security approach allows information that would otherwise be kept separate to move across networks while providing insight into what that information is doing as it passes between boundaries. Put another way, instead of seeking to identify specific “bad” traffic—things that shouldn’t be passing between the two networks—cross-domain solutions allow only known “good” data to move beyond boundaries. By inspecting the data at the application layer, a cross-domain solution can make transfer decisions at a more granular level than a firewall.
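The known-good filtering described above, sketched as an added example that is not from the original article or any vendor's product: a guard for OT-to-IT telemetry that passes only messages matching a strict schema, shown beside a signature-based filter for contrast. The JSON message format, tag names, value ranges, and signatures are all constructed assumptions.

```python
import json

# Constructed allowlist: the only tags (with value ranges) permitted to cross OT -> IT.
ALLOWED_TAGS = {
    "pump1.flow_m3h": (0.0, 500.0),
    "line2.pressure_kpa": (0.0, 10000.0),
}
REQUIRED_KEYS = {"type", "tag", "value", "ts"}
MAX_BYTES = 256
# Constructed denylist, for contrast: signatures of known-bad content.
BAD_SIGNATURES = (b"<script", b"powershell", b"MZ\x90")


def denylist_filter(raw: bytes) -> bool:
    """Signature-style check: pass unless a known-bad pattern is present."""
    lowered = raw.lower()
    return not any(sig.lower() in lowered for sig in BAD_SIGNATURES)


def guard(raw: bytes):
    """Allowlist check: return (True, clean_bytes) only for known-good messages."""
    if len(raw) > MAX_BYTES:
        return False, "oversize"
    try:
        msg = json.loads(raw.decode("utf-8"))
    except ValueError:  # covers both bad UTF-8 and bad JSON
        return False, "not valid UTF-8 JSON"
    if not isinstance(msg, dict) or set(msg) != REQUIRED_KEYS:
        return False, "unexpected structure"
    tag, value, ts = msg["tag"], msg["value"], msg["ts"]
    if msg["type"] != "telemetry":
        return False, "unknown message type"
    if not isinstance(tag, str) or tag not in ALLOWED_TAGS:
        return False, "unknown tag"
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        return False, "value not numeric"
    if isinstance(ts, bool) or not isinstance(ts, int) or ts < 0:
        return False, "bad timestamp"
    low, high = ALLOWED_TAGS[tag]
    if not low <= value <= high:  # also rejects NaN and Infinity
        return False, "value out of range"
    # Re-serialize from validated fields so only canonical bytes cross the boundary.
    clean = {"type": "telemetry", "tag": tag, "value": float(value), "ts": ts}
    return True, json.dumps(clean, sort_keys=True).encode()
```

A message of an unlisted type contains no known-bad signature, so `denylist_filter` passes it, while `guard` rejects it because it is not on the known-good list.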

Such rigor needs to quickly become the new normal in order for the energy sector to sufficiently protect its critical infrastructure and data. Securing the OT/IT boundary balances the need for connectivity and information sharing against the need to protect data itself and the agency as a whole. In the end, cross-domain solutions ensure files and information arrive quickly at their destinations free of malware, without hampering employees’ ability to do their jobs or bogging down security analysts with millions of threat alerts and false alarms.