in Up Front
print the content item



This is a "smart" world. From smart grids and smart weapons to smart phones and smart appliances, technology is driving increased capabilities, improved productivity and greater cost efficiency. But there is an irony in this proliferation of high-tech efficiency, and that is the inability of technology, by itself, to deliver "smart" cybersecurity.

Sophisticated technology tools are capable of detecting and blocking a majority of cyber threats faced by most users. But in vital industries and government agencies where compromised systems can have far-reaching consequences, tools alone are insufficient. These enterprises - the energy industry among them - are often the targets of advanced threats from highly motivated attackers.

In this high-value, high-risk echelon, the term “smart” must be expanded to encompass not only cybersecurity technology solutions, but also human insight and industry collaboration. Our company, which has taken a leadership role in developing this three-pronged approach in the defense industry, calls the method “intelligence-driven cybersecurity.”

Heightened concern - and spending

In recent years, the energy industry has adopted elements of intelligence-driven cybersecurity, as it has recognized the risk exposure that comes with complex technology for managing, controlling and connecting information technology (IT) networks through smart generation, transmission and distribution systems.

Cybersecurity spending projections confirm that the industry’s concern over its vulnerability to cyber attacks is growing. By 2020, spending on smart grid cybersecurity is expected to reach $608 million, representing a 70% increase in eight years, according to Pike Research, a part of Navigant’s energy practice.

That figure would place cybersecurity second only to distribution automation in utilities’ overall IT investment. Given this increase in both the threat exposure and spending to combat it, a comprehensive, collaborative approach is becoming even more important to ensuring that the industry is receiving an effective and cost-efficient return on its cybersecurity investment.

Understanding the enemy
Knowledge is the foundation of the intelligence-driven approach. Cybersecurity professionals widely agree that 80% of all intrusion attempts are carried out using low-cost attack mechanisms that typically can be stopped through best practices, proper configurations and comprehensive network monitoring.

It is the other 20% - the advanced threats - that present the greater danger. These attacks are typically designed to establish a presence deep inside the targeted network, where they can disable or circumvent security tools to exfiltrate data or - the primary concern of the energy industry - to damage operational systems that control the grid. Here’s where knowledge of the attackers’ tactics, techniques and procedures becomes invaluable.

To protect our company’s own systems and those of our critical government and commercial clients, we have extensively studied advanced threats and developed a detailed description of the seven-phase Cyber Kill Chain that characterizes their progression.

When an attempted intrusion has been detected, the kill chain methodology allows cyber professionals to determine the phase of the attack and extrapolate how it would have played out had it not been detected. The security team is able to analyze and document the anatomy of the attack, perform system-wide mitigation, and install customized defenses and mitigations against similar attacks at each phase of the kill chain that increases the attackers’ cost and complexity while reducing the likelihood of future successful attacks.

Moreover, our company compiles information about each intrusion it encounters in a database that increases its security intelligence. To stay ahead of evolving threats, the corporation tracks more than 30 adversarial groups and continually generates new detection capabilities, intelligence management practices and technologies to mitigate them.

Importance of collaboration
The effectiveness of this approach is multiplied when companies work together to identify threats and share cyber intelligence. Employed with great success by the defense industrial base, collaboration also has been taking hold in the energy, financial services and healthcare industries, which by their natures recognize the importance of cooperation.

In addition to providing cybersecurity services to several major energy companies, we have been working with cybersecurity analysts from leading utilities in regular webinars that complement real-time collaboration within the energy industry. Members of this information-sharing community provide one another with insights, concerns, best practices and actionable intelligence so that security solutions do not have to be continually reinvented. Industry-wide collaboration also is evident in initiatives that provide common cybersecurity training and joint simulations.

This approach will play an essential role in the energy industry’s ability to “connect the dots” and address the cybersecurity challenge inherent in the growth of smart grid technologies. A good example is American Electric Power’s gridSMART project, which we support through cybersecurity intelligence management applications and services.

The challenges ahead
As automation and smart grid technologies continue to improve the efficiency of power distribution in North America and throughout the world, there is no shortage of challenges to protect the industry from malicious attacks. Securing mobile communication devices, advanced equipment and control systems will require close collaboration between utility companies and vendors to ensure that robust cybersecurity is integrated into all aspects of the power grid architecture.

Perhaps most important, however, will be the continued adoption of knowledge management and collaborative practices to establish a comprehensive, proactive defense against advanced and continuously evolving cyber threats. This will require a firm commitment by the industry to recruit and train cybersecurity professionals and to maintain cybersecurity as a priority focus of the industry.

Our energy practice is already seeing a stepped-up commitment by many of the industry’s leading companies, which are applying best practices and expertise to define their security strategies and prioritize their spending for maximum impact. The industry is recognizing that as the sophistication of its infrastructure grows, so must the sophistication of its approach to cybersecurity.

Just as smart technologies are the future of the energy industry, intelligence-driven cybersecurity that combines technology, knowledge and collaboration is the future of the industry’s protection.

Rich Mahler is senior manager of energy and cyber services at Lockheed Martin. Based in Bethesda, Md., Lockheed Martin is a global security and aerospace company that is engaged in the research, design, development, manufacture, integration and sustainment of advanced technology systems, products and services.



Hse SandyHook
Latest Top Stories

Sensus Smart Meters Tied To More Overheating Incidents And Fires

SaskPower is investigating two new meter failures, and Portland General Electric is working to replace 70,000 Sensus units amid fire concerns.


SaskPower Halts Smart Meter Installations Following Fires

The Canadian utility has suspended its smart meter deployment as it investigates half a dozen fires associated with the meters.


New Study Underscores Value Of Customer Engagement, Ranks Most-Trusted U.S. Utilities

According to the report, which analyzes 125 utilities across the country, earning a customer's trust can lead to monetary gains.


Washington State Doles Out Cash For Utility Energy Storage Projects

Three utilities have been awarded millions of dollars in grants to explore energy storage technology that could help integrate renewable and improve the power grid.


Utilities Reveal Just How Much Customers Are Saving With Energy Efficiency Programs

Two U.S. utility companies have issued progress reports and solid numbers regarding their respective initiatives.

S&C Electric_id176
edf_id180