Every year, cyberattacks become more sophisticated, with malicious actors finding new ways to subvert existing security protocols. In 2021 alone, the volume of cyberattacks rose dramatically. There was not only an increase in the number of attacks (some estimate there were over 623.3 million ransomware attacks) but also an increase in their complexity. Sophisticated attackers were able to breach organizations like the Department of Energy and Microsoft by compromising software employed by both. Most recently, Russia has threatened utility cybersecurity, both in Ukraine and abroad. The threat of cyberattacks is chilling, which is why cybersecurity experts across the industry are hard at work to prevent the next big attack. Now more than ever, you must heed the warnings from your security department.
Cybersecurity Statistics
Of all cyberattacks, 90% are caused by human error. According to the Center for Strategic & International Studies, as of 2018 nearly $600 billion is lost every year to cybercrime. While much of this crime is directed at individuals, no type of organization is safe. For example, after a cyberattack in late 2021, a cooperative in Colorado struggled to resume normal operations, including billing and payment processing, and also lost data. These imminent threats have led the U.S. government to warn all businesses, especially those in essential industries, to prepare for the worst.
Cybersecurity, Russia, and Utilities
With an aging infrastructure, utility cybersecurity has become a preeminent concern in recent years. Russia has a long history of cyber warfare, including the use of bots to shift public opinion in foreign elections, oil pipeline tampering, and massive federal data breaches that compromised public and state information. Increasingly, the power grid is a common target for hostile state agencies, which use cyber threats in an attempt to destabilize or harm another country.
While Russia isn’t alone in its cyber warfare tactics, it has proven formidable and diligent in its efforts. Utility cybersecurity protocols should assume that threat agents are actively targeting operational technology (OT) and IT infrastructure, and plan accordingly. The first step is identifying a few of the most common cyber threats, which makes it easier to spot a potential incursion.
Types of Cyberattacks
While IT departments everywhere are familiar with the premise of cyberattacks, for everyone else it’s not always easy to know what to look for. A cyberattack is any malicious and intentional attempt to compromise the integrity of a computer system or operation. The objective of a cyberattack can range from disabling an operation to breaching data privacy. Below is a list of the most common cyberattack types, with an explanation of the purpose and function of each:
- Malware – Malware is any type of installed malicious software, including spyware, ransomware, viruses, and worms. These programs can replicate themselves, install additional harmful software, breach data privacy, render a system unusable, or block access to targeted parts of the system.
- Phishing – A fraudulent communication, typically an email, crafted to trick unsuspecting recipients into revealing sensitive information.
- Man-in-the-middle – The man-in-the-middle (MitM) cyber threat is an eavesdropping ploy in which a threat agent inserts itself between the two parties of a transaction to steal data or install malware.
- Zero-day exploit – A cyberattack that exploits a recently revealed cybersecurity vulnerability after it is made public, but before it is resolved.
- Denial-of-service – A denial-of-service cyberattack overwhelms a system with superfluous requests or traffic, exhausting computational resources and bandwidth and rendering the system unable to respond to legitimate user requests.
Unfortunately, this is a partial and evolving list. Hackers are constantly probing for opportunities to exploit existing software vulnerabilities or take advantage of unsuspecting users. The scope of cyber threats can be overwhelming, but it is manageable with the right situational awareness and pre-planning. Let’s look at some basic protections that everyone involved with an operation can easily follow to maximize utility cybersecurity.
What You Can Do To Improve Utility Cybersecurity
There are a lot of things that your security team has probably implemented to better protect utility cybersecurity. Building a culture of accountability and attention to detail is the start of a secured utility environment, with everyone pitching in to help where they can. That means that everyone involved in every operation should strive to spot and minimize risk, and follow internal best practices to mitigate potential risks.
Some basic guidelines that everyone can follow include, but aren’t limited to:
- Email Security – Always keep security front of mind when reading your email. Make sure the email is actually from who it claims to be from. Frequently attackers pretend to be co-workers or automated emails from a service they know you use. Hover over any links before clicking. If it seems suspicious, don’t click the links and instead open a new tab and type in the website yourself. Be extra mindful of any ask that seems out of the ordinary or has an increased sense of urgency. When in doubt users should always feel empowered to contact the sender out-of-band (e.g. over a phone call). Always err on the side of caution and involve your security team if something doesn’t seem right.
- Computer Security – Users should only download software that is approved and necessary for business purposes; if a user is unclear what that might include, ask. Always run updates as soon as possible, and always keep your computer locked when physically away from it. Your operation may consider running ad-blocking software, which can help eliminate advertisements for scams or malvertising.
- Passwords – Use strong, unique passwords for each website. Always enable two-factor authentication when provided, preferably not via text message. Consider using a password manager as an organization.
- Operational Security – To improve the operational security of an organization, remember to follow approved means of sharing information. More importantly, if you see a problem, report it, whether that’s a potential vulnerability or something suspicious you’ve encountered elsewhere.
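The email checks described above ("is it really from who it claims to be from", "hover over links before clicking"), as an added Python example that is not part of the original article: it parses a constructed phishing-style message and reports the same mismatches a careful reader would look for. All addresses and domains in it are constructed placeholders, and the trusted domain is an assumed parameter.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Constructed sample (not a real message) carrying three red flags: a display name
# impersonating the trusted domain, a Reply-To elsewhere, and a misleading link.
SAMPLE_EMAIL = """\
From: "helpdesk@example-utility.com" <alerts@mail-updates.example.net>
Reply-To: urgent@reply-collect.example.org
Content-Type: text/html

<html><body><p>Reset it here: <a href="http://portal.example-utility.com.login-reset.example.net/r">
https://portal.example-utility.com/reset</a></p></body></html>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def registered_domain(host):
    """Crude 'last two labels' domain (example-utility.com); enough for a mismatch check."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def _first_address(msg, name):
    # (display_name, addr_spec, domain) of the first mailbox in a header, or empties.
    hdr = msg.get(name)
    if hdr is None or not hdr.addresses:
        return "", "", ""
    a = hdr.addresses[0]
    return a.display_name, a.addr_spec, a.domain.lower()

def email_red_flags(raw, trusted_domain):
    """Return human-readable warnings for one raw message; [] means nothing found."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    display, addr, from_domain = _first_address(msg, "From")
    # 1. Display name claims our domain while the real sender is somewhere else.
    if trusted_domain in display.lower() and registered_domain(from_domain) != trusted_domain:
        flags.append(f"display name claims {trusted_domain} but sender is {addr}")
    # 2. Replies would go to a domain other than the sender's.
    _, reply, reply_domain = _first_address(msg, "Reply-To")
    if reply and reply_domain != from_domain:
        flags.append(f"Reply-To {reply} differs from From domain {from_domain}")
    # 3. What the link text says versus where the href actually goes ('hover first').
    body = msg.get_body(preferencelist=("html", "plain"))
    for href, text in LINK_RE.findall(body.get_content() if body else ""):
        shown = re.search(r"https?://([^/\s<]+)", text)
        real = urlparse(href).hostname or ""
        if shown and registered_domain(shown.group(1)) != registered_domain(real):
            flags.append(f"link text shows {shown.group(1)} but points to {real}")
    return flags
```

Such checks catch common impersonation patterns but not a compromised legitimate account; the out-of-band confirmation the list recommends still applies.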
As part of current U.S. legislation to enhance utility cybersecurity, infrastructure providers and federal agencies are legally required to promptly report all cyberattacks. With workers remote now more than ever, building that into a cybersecurity culture at any type of operation is useful in mitigating potential cyber threats.
Utility Cybersecurity Conclusion
While there is no singular solution to cyber threats, these simple mitigations can help energy providers gird their utility cybersecurity. Still, it’s easy to forget that no one place is an island and that events around the world can result in a change in your backyard. The Russian/Ukrainian conflict has the potential to reshape the world, including expediting the interest and usage of renewable energies, at an all-too-high cost. To manage that growing need while minimizing potential utility cybersecurity risks, operators might consider SaaS-based software solutions that automatically stay up-to-date which minimizes operational cost, security exposure, and downtime.