In early May, a ransomware cyberattack on the Colonial Pipeline brought significant public attention to the issue of cyberthreats in the energy sector. This month, the GridWise Alliance focused on the theme of cybersecurity and its application to the grid and our members. The increasingly digitized and interconnected grid, along with the growing number of distributed energy resources and technologies connecting to the grid, expands the potential avenues for cyberthreats. Cyber criminals, “hack-tivists,” and hostile nation-states are driving the increase in cyberattacks with the goal of disrupting the grid or collecting ransom. Indeed, a recent survey of utility executives revealed that 56 percent of respondents reported at least one shutdown or operational data loss per year. To date, there has been no major disruption to the nation’s electricity supply because of a cyberattack.
Cyberthreats impact the grid in two primary areas (Figure 1):
- Operational technologies (OT): physical equipment and systems that enable operation of the grid and flow of electrons; and
- Information technologies (IT): servers and devices, typically software or data, that enable operation of office and business environments.
Cyberattacks compromise systems through the use of malware, advanced persistent threats, insider threats, human error, and hardware Trojans. Typical technologies that help to protect against these threats include: firewalls, intrusion detection systems (IDS)/intrusion prevention systems (IPS), unidirectional gateways, and in-line edge devices. For a review of cyberattack types and cybersecurity technologies, this National Regulatory Resources Institute Paper, co-authored by GridWise Alliance CEO Karen Wayland, provides more in-depth information.
Check out our website for some of the resources GridWise members provided in response to our call for content this month. We received a great mix of content. NYPA shared news of its Cybersecurity Center of Excellence, a collaboration with Siemens Energy, Inc. to develop an industrial cybersecurity monitoring, research, and innovation center to focus on detecting and defending against cyberattacks on critical infrastructure owned and operated by NYPA. Intel shared their policy on cybersecurity regulation and legislation, while Dell and Hitachi-ABB shared whitepapers on various aspects of cybersecurity. In Dell’s report on Information and Cybersecurity, you can learn more about information security strategies and also refresh your knowledge on the cyberthreat landscape (Figure 2).
Hitachi-ABB’s report on Balancing the Demands of Reliability and Security provides an overview of cybersecurity for substation automation, protection, and control systems. Figure 3 from this report illustrates where cybersecurity solutions are applied both inside and outside a reference substation system architecture. Lastly, in the X-Force Threat Intelligence Index 2021, IBM provides a check-in on the cyberthreat landscape and offers recommendations for moving forward. Two interesting findings from this report: (1) ransomware was the most popular attack method that IBM Security X-Force responded to in 2020, making up 23% of all security events, and (2) actors using the Sodinokibi ransomware are estimated to have made at least $123 million in profit.