In 2019, the Wall Street Journal uncovered a nightmare scenario for any energy company. A small utility in the Western United States had its cybersecurity systems breached by malicious actors based overseas, and did not know about it until government agents informed them. Hackers gained a foothold inside the utility’s defenses and went undetected for months with the capability to cause catastrophic financial and physical damage whenever they pleased by cutting power to businesses, homes, and emergency and national security installations. Energy companies should learn a key lesson from this real-world incident: in today’s energy ecosystem, cybersecurity professionals cannot defend against attacks that they cannot see.
Most energy companies today struggle with the complex technological and economic challenges involved in detecting, monitoring, and preventing cyberattacks on critical infrastructure. The operational technologies (OT) and information technologies (IT) that run energy systems today were never engineered to be secured in a digital environment, which poses a technical challenge that is tough to solve and difficult for small and mid-sized operators to afford. Yet in today’s digital energy ecosystem, the failure of weak links can take down critical infrastructure for all participants. Protecting the entire system requires all industrial operators, both large and small, to detect and defend against cyberattacks. New developments in artificial intelligence (AI) based solutions can help all energy companies put defenders ahead of attackers, while adapting to the changing energy landscape.
In the past decade, critical infrastructure has become a prime target for cyberattacks. The digital and technological revolution has transformed the energy sector into a multi-directional network that transfers information with internet-like speed to control physical assets. Digitization empowers energy companies, utilities, and consumers to integrate new OT energy assets (such as power generation, transmission, distribution, and end-use technologies) with IT control systems to reduce costs, improve efficiency, and lower emissions. But along with these major benefits, each digitally connected node presents a possible cyber vulnerability, i.e., a point where malicious actors may potentially enter or manipulate energy infrastructure.
The energy system is witnessing an exponential increase in the number of industrial devices connected to critical infrastructure, both broadening and complicating cyberdefense across the industry’s vast attack surface. What is more, malicious actors are no longer just cybercriminals seeking financial gain. Attackers now include sophisticated state and non-state actors using energy and critical infrastructure in geopolitical conflicts. A 2019 Ponemon Institute study surveying the energy sector’s readiness to address the growing spectrum of cyberattacks found that 64 percent of respondents believed sophisticated attacks, like those designed by nation-states, are a top challenge. Moreover, 54 percent expected an attack on critical infrastructure in the next twelve months.
In this ever-expanding threat landscape, cybersecurity professionals are forced to defend OT and IT systems that were never designed to integrate with a unified security architecture. Defenders are unable to translate huge flows of raw OT and IT data and analyze it to monitor for credible threats in time to take decisive action. In practical terms, this means that defenders cannot see what is happening within their own operations and can easily miss attackers who are actively exploring the network in search of vulnerabilities. Most OT security professionals lack the visibility and context to monitor, identify, and prevent attacks before they happen.
The only way to enable rapid human understanding at the scale and pace needed to discover and stop an attack is to use AI and automated domain expertise to provide visibility and context. Applying AI for monitoring and detecting cyberthreats in the OT operating environment helps defenders create a unified picture of anomalous behavior and draw out actionable insights to stop attacks. Automated AI-driven analysis capabilities have so far been limited to the industry’s largest operators, where research budgets can support in-house development. Meanwhile, many small and mid-sized companies struggle to hire or train the personnel needed to maintain status quo cyberdefenses, leaving little budget for research and development expenses. That means a significant share of companies are getting left behind and becoming the weak links in the overall energy system.
To secure the entire energy ecosystem, the industry needs affordable, AI-driven cybersecurity monitoring services to harden OT targets regardless of fleet size or market share. By combining interoperable and manufacturer-agnostic AI technologies, and efficiently leveraging OT-native human expertise, small and medium-sized energy companies can gain access to monitoring, detection, and cyberattack prevention capabilities, a level of protection previously only attempted in-house at companies with large budgets.
Only by securing all the links in the energy value chain can the industry as a whole continue to develop smart infrastructure, electric vehicles, and decentralized power generation. That means ensuring small and medium-sized companies have the tools and technologies necessary to stop attacks before they start.
Leo Simonovich is vice president & global head of industrial cyber and digital security at Siemens Energy.