The business benefits of digital transformation in electric grid operations are tremendous, but this progress also greatly expands the cyber risk to the OT environment: safety, unscheduled downtime, and negative impact on corporate brand are the consequences most often cited. When electric utilities use cloud-connected software to better automate their operations, bolster predictive maintenance, or connect industrial devices to business intelligence platforms, they are more tightly coupling Operations Technology (OT) with Information Technology (IT) systems. At the same time, an accelerated shift to remote access greatly opened the “attack surface” to threats that didn’t exist in the recent past.
In Dragos’s experience working directly with hundreds of energy and industrial companies, we hear the same cybersecurity challenges time and again. And, in conducting the subsequent assessments in their environments, these challenges are affirmed by what our team finds. The good news is that there are practical steps asset owners and operators can take to enhance the security of their Industrial Control Systems (ICS) environment and effectively mitigate cyber risk – today.
Step 1: Get complete, automated OT asset visibility
Without central visibility into asset vulnerabilities, and a closed loop to manage the controls that address them, cybersecurity teams that rely on offline spreadsheets and checklists across multiple locations will be spread thin.
Inventorying OT assets makes every cybersecurity process easier, whether it is leveraging threat detection, initiating incident response, actively managing assets for vulnerabilities and weaknesses, or implementing overarching strategic OT security initiatives. Continuous OT asset visibility and monitoring capabilities make it possible to discover unknown connections, active threats, and insecure configurations.
Step 2: Understand and detect threats
Though OT infrastructure was once locked down by hardwired assets and segmented environments that were difficult to breach, the digitalization of operations has increased connectivity and opened industrial environments to state-sponsored and financially motivated threat actors. Dragos creates profiles of these groups with comprehensive data on their actions and capabilities.
Step 3: Close the IT/OT cybersecurity gap
OT is very different from IT. While it is IT’s purpose to protect information in the business environment, OT has a different mission, systems, threats, and impact on organizations than IT. Safety, environmental impact, and process availability are key for OT. Many of the basics of IT security simply do not apply. Lack of effective communication across IT and OT teams during a crisis can lead to inadequate resource allocation, compound risks to assets and personnel, and create lingering effects on bottom-line operations.
The overarching lesson is that there are lessons to learn from IT cybersecurity, but as organizations seek to improve OT cyber capabilities, it doesn’t make sense to copy and paste your enterprise cybersecurity strategy into the ICS. Where might this communication and bridge-building begin? Many organizations benefit greatly from workshops, also known as tabletop exercises, that utilize consequence-driven scenarios to help IT and OT personnel understand what information, communications, and actions are required in the event of a cyber incident.