Cyber security investment in utilities sector

18th February 2019

Photograph of Simon Whitburn

Simon Whitburn
Senior Vice President Cyber Security Services

The benefits of cheap, intelligent and connected sensors and control devices are capable of delivering huge benefits to the utilities sector. But unless significant attention is paid to cyber security throughout the industries involved, the reality is that threats from the internet are more likely to wreak havoc than ever before.

These smart assets, put together under the umbrella term “Internet of Things” (IoT), can be installed and connected quickly and easily. They can increase efficiencies and lower costs but as a report by ABI Research reveals, costs, resources and time constraints conspire to move cyber security to the end of a long list of priorities.

The threat to operational technology

Each device added increases the attack vectors available to bad actors. Often this is compounded by the fact that the devices are manufactured with little regard to security. For example the Mirai botnet, used to launch various massive distributed denial of service attacks between 2012 and 2016, had been created by malware that took over more than half a million surveillance cameras, home routers, air quality sensors and other IoT devices.

The malicious code used just 64 well-known default username and password combinations installed in operating systems – combinations that manufacturers or end-users should be changing before the devices are used.

A more recent attack, this time a ransomware attack on a water company in North Carolina, USA, caused damage to essential databases. The company was already hard-pressed recovering from the effects of Hurricane Florence in September 2018 when it was hit by the Emotet crypto-virus. Operational systems were fortunately unaffected but because the company (admirably) refused to pay any ransom demands, IT staff had to rebuild systems and databases from the ground up.

Digital transformation risks

The ABI report reveals that an estimated US$8bn would have been spent on securing utility infrastructures from cyber threats. But of that, only a small proportion will be spent on operational technology (OT) and smart systems.

Connecting sensors, meters, control units and other devices has undoubted benefits. Utilities organisations are embarking on modernisation programmes to roll out the new technology although there will be cross-over periods where old technology co-exists with new, increasing the complexities of systems as a whole, which in turn increases risk.

Organisation-wide protection

Investment in device-agnostic protection technologies makes sense in environments where devices from different technical generations, different manufacturers and running different operating systems share the same networks and use the same sensitive information.

Nominet’s NTX platform provides such protection, detecting and pinpointing threats on your network immediately. It integrates easily with existing security investments, providing you with visibility and protection on critical threats such as malware, phishing, and data exfiltration.

Quantifying the threat to the utilities sector

To see the size of the threat facing organisations in the utilities sector, which are attractive to cyber threats from both criminal and activist internet activity, download our easy-to-digest infographic. It arms you with all the facts and figures you need to support cyber security improvements.

Download Infographic