As technology continues to grow more ubiquitous in everyday life, its use in the running of regular processes is becoming increasingly common. While this is true for every industry, the energy sector has adopted the use of technology especially aggressively.
The control rooms of substations and the myriad devices used to manage the energy industry’s critical infrastructure are all digital now, increasing the risk that they will fall victim to cyberattacks.
Those working in the sector have acknowledged the growing danger of cybercriminals in a recent survey by construction and engineering firm Black and Veatch. The firm’s study found cybersecurity to be one of the top five concerns for U.S. electrical companies this year.
In the same survey conducted in 2013, cybersecurity was the sixth on the the industry’s list of biggest worries but this year has risen to fourth. Though the issue is considered such a threat to energy companies, only 32 percent of electrical utilities surveyed reported having security systems that were integrated with the appropriate segmentation, monitoring and redundancies necessary to sufficiently protect against cyberthreats.
Cybercriminals Increasingly Targeting Energy Companies
In March, The Wall Street Journal covered a federal analysis that found the country could suffer nationwide blackouts if only nine of the 55,000 electrical substations in the U.S. were to be knocked offline.
In a separate study filed by the Department of Homeland Security, it was found that of the approximately 200 breach incidents handled by the DHS cybersecurity team, more than 40 percent were aimed at the energy sector, The Hill reported.
According to U.S. News and World Report, the vast majority of the systems used by the nation’s gas and electric utilities run on Windows XP operating systems, which were found to be incredibly vulnerable to attacks. Experts are also overwhelmingly in agreement that the electrical grid as a whole is susceptible to breach attempts from networks of cybercriminals and foreign actors.
“Foresight is forearmed. In an environment where threats are both real and virtual, and physical damage can be triggered by natural forces or nefarious intent, the best approach is preparedness,” stated the Black and Veatch report. “There is not a single solution, but with an approach that addresses the physical elements of cybersecurity and the cyber elements of physical asset security, organizations will be better equipped and educated to manage the full spectrum of dangers.”
As hackers become more sophisticated and cyberattacks more harmful, the need for critical infrastructure security is only increasing. Utility providers can implement a few simple but effective techniques to insure their systems and networks are sufficiently protected.
One of the best security measures is to implement a strong authentication solution. This is a proven method of security — requiring multiple forms of identification to obtain access to sensitive information — but it drastically improves the protection of privileged data. Employing multifactor authentication for access to power grid systems and other critical infrastructure creates an extra line of defense against cybercriminals and helps to increase the nation’s critical infrastructure protection.