The Industrial Internet of Things (IIoT) and the convergence of IT (information technology) and OT (operational technology) are revolutionizing the use of information across the energy supply value chain, from generation to transmission and distribution to commercial and residential customers.
The benefits of integrated and connected operations are clear. The generation segment of energy supply can benefit from higher efficiency and safety by using analytics of data collected from sensors and from secure access of remote experts performing preventive maintenance, monitoring and troubleshooting, while the transmission and distribution segment is exploring the benefits of smart meters for service pricing, billing and planning.
Along with the benefits of higher levels of connectivity come increased demands on OT security management. The industrial network “air gap” no longer exists. Securing the connected operation is not the only motivation for investing in OT security: during the last decade we have witnessed a growing motivation to attack critical infrastructure. The growing number of cyberattacks, and the potential damage from such an attack, led to the development of NERC CIP version 5 and, more recently, to the new Network and Information Security (NIS) directive of the European Parliament.
The following are three important security pillars that are required for an energy supply company to securely manage its OT environment and converge its OT and IT operations:
· Discover — gain complete visibility and maintain an up-to-date inventory of industrial cyber assets
· Connect — establish secure connectivity to industrial cyber assets and enforce strict access authentication and privileges
· Protect — perform the security essentials, including patching systems, keeping anti-virus signatures current, alerting on policy violations and more
This security hardening process is an ongoing effort with each iterative step improving an energy supply company’s security posture.
Network visibility is the first step
Before planning an OT security strategy, an energy provider must first understand what assets are on its network in order to know what needs to be protected. A full and current inventory is essential for developing and maintaining an appropriate defense of any industrial infrastructure. In addition, the characteristics of each asset and its communication connections with other devices and equipment should be known.
Conducting this asset discovery in an OT environment has its challenges. For example, older PLCs may not tolerate active probing and should be discovered in an unobtrusive manner in order to avoid disrupting availability. As a result, mapping the assets, and understanding what they communicate with and how, should be done through a combination of passive and active techniques.
Also, the inventory of assets connected to the network is constantly changing, especially in a generation business adopting IIoT. Accordingly, asset discovery and inventory mapping must be automated. Changes against a baseline must be documented and incorporated into a continuously updated inventory. Only when an energy supply company has a clear view and understanding of its assets can it be in a position to define a security strategy and start the hardening process.
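The baseline comparison described above, as an added example that is not part of the original article: passively observed flows (constructed sample data, with illustrative private addresses and well-known ICS ports) are turned into an inventory of hosts, communication edges and listening services, then diffed against a baseline to surface new hosts, new communication paths and baseline hosts that have gone silent.

```python
"""Passive OT asset discovery: build an inventory from observed flows and
diff it against a baseline. Added example with constructed sample data."""
from collections import defaultdict

# Constructed sample of passively observed flows (src, dst, dst_port, proto),
# as a SPAN port or network tap would yield them without touching the PLCs.
OBSERVED_FLOWS = [
    ("10.1.0.10", "10.1.0.21", 502, "tcp"),   # HMI -> PLC, Modbus/TCP
    ("10.1.0.10", "10.1.0.22", 502, "tcp"),   # HMI -> second PLC
    ("10.1.0.11", "10.1.0.21", 102, "tcp"),   # engineering workstation -> PLC
    ("10.1.0.30", "10.1.0.21", 502, "tcp"),   # host not in baseline -> PLC
    ("10.1.0.22", "10.1.0.40", 514, "udp"),   # PLC -> syslog collector
]

# Constructed baseline: known hosts and the approved (src, dst, port) edges.
BASELINE_HOSTS = {"10.1.0.10", "10.1.0.11", "10.1.0.21",
                  "10.1.0.22", "10.1.0.23", "10.1.0.40"}
BASELINE_EDGES = {
    ("10.1.0.10", "10.1.0.21", 502),
    ("10.1.0.10", "10.1.0.22", 502),
    ("10.1.0.11", "10.1.0.21", 102),
    ("10.1.0.22", "10.1.0.40", 514),
}


def build_inventory(flows):
    """Return (hosts, edges, services): every host seen, every communication
    edge, and the (port, proto) services each destination host answers on."""
    hosts, edges = set(), set()
    services = defaultdict(set)
    for src, dst, port, proto in flows:
        hosts.update((src, dst))
        edges.add((src, dst, port))
        services[dst].add((port, proto))
    return hosts, edges, dict(services)


def diff_against_baseline(flows, baseline_hosts, baseline_edges):
    """Report what changed since the baseline: new hosts, new edges, and
    baseline hosts no longer seen (decommissioned, failed, or moved)."""
    hosts, edges, _ = build_inventory(flows)
    return {
        "new_hosts": sorted(hosts - baseline_hosts),
        "new_edges": sorted(edges - baseline_edges),
        "silent_hosts": sorted(baseline_hosts - hosts),
    }


if __name__ == "__main__":
    report = diff_against_baseline(OBSERVED_FLOWS, BASELINE_HOSTS, BASELINE_EDGES)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Each run's report is the documented change set; feeding the accepted changes back into the baseline keeps the inventory continuously updated.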
Next is building secure connectivity and remote access control
Many of the industrial control systems (ICS) used in the energy supply process need to be accessed by first- and third-party professionals to maintain equipment and perform routine security processes, such as patching and log collection. Performing these functions in person is often not practical, or at times physically impossible, making remote access a necessity.
Even though remote access is critical to the safety and reliability of energy supply processes, external connectivity and remote access, especially by third parties, significantly increases the ICS attack surface and must be protected. Virtual private networks (VPNs) and proprietary remote access tools are commonly used, but these practices pose risks from multiple communication lines across the enterprise and shared access credentials.
Funneling all remote access through a single location, one that is fully controlled by the energy supply company’s IT security professionals, is a much more secure option. This eliminates proprietary end-runs around security controls that lead straight into the industrial assets.
Finally, leverage a top-down, integrated strategy to improve security posture and compliance
Once an energy supply company has its full inventory, with all of its assets reachable remotely through secure connections, it is ready to apply ongoing security efforts with a top-down, integrated approach.
“Top-down” refers to the fact that the head operation and control office can drive policies, procedures and technology solutions that secure the entire environment. “Integrated” implies that the intersections among IT and OT, remote plants and head office, and third parties, such as equipment vendors, must be considered when choosing a method to enforce the policies and execute the procedures so that “everything works together”.
With this in mind, the primary attention should be on protecting the production cyber assets. These assets, if compromised, pose the largest risk to electricity generation and operational safety. Accordingly, an energy supplier should focus on the security essentials first. For instance, maintaining an up-to-date inventory, patching HMI operating systems, collecting and analyzing device logs, enforcing port and service whitelisting/blacklisting, and related activities should be the initial focus of security efforts.
Securing a large-scale utility is a big task, but owners do not have to do everything at once. Hardening the environment with good security controls is a process and not a one-time project. By taking incremental steps through a top-down, integrated approach and doing the right things first, the organization can move to a higher-level security posture. When the OT environment is reasonably secure, the organization can enjoy the benefits of having more data available from an integrated and connected operational platform.
This article is the first in a series of four articles on OT security management in the energy supply sector. The following articles will provide an in-depth look at each of the three recommended pillars for OT security management. The next article will cover an analysis of discovery considerations for maintaining full network visibility and asset inventory.
About the author: Eli Mahal is the Vice President of NextNine, a provider of security management solutions for connected industrial control system environments.