This is a "smart" world. From smart grids and smart weapons to smart phones and smart appliances, technology is driving increased capabilities, improved productivity and greater cost efficiency. But there is an irony in this proliferation of high-tech efficiency, and that is the inability of technology, by itself, to deliver "smart" cybersecurity.
Sophisticated technology tools are capable of detecting and blocking a majority of cyber threats faced by most users. But in vital industries and government agencies where compromised systems can have far-reaching consequences, tools alone are insufficient. These enterprises - the energy industry among them - are often the targets of advanced threats from highly motivated attackers.
In this high-value, high-risk echelon, the term “smart” must be expanded to encompass not only cybersecurity technology solutions, but also human insight and industry collaboration. Our company, which has taken a leadership role in developing this three-pronged approach in the defense industry, calls the method “intelligence-driven cybersecurity.” Heightened concern - and spending In recent years, the energy industry has adopted elements of intelligence-driven cybersecurity, as it has recognized the risk exposure that comes with complex technology for managing, controlling and connecting information technology (IT) networks through smart generation, transmission and distribution systems.
Cybersecurity spending projections confirm that the industry’s concern over its vulnerability to cyber attacks is growing. By 2020, spending on smart grid cybersecurity is expected to reach $608 million, representing a 70% increase in eight years, according to Pike Research, a part of Navigant’s energy practice.
That figure would place cybersecurity second only to distribution automation in utilities’ overall IT investment. Given this increase in both the threat exposure and spending to combat it, a comprehensive, collaborative approach is becoming even more important to ensuring that the industry is receiving an effective and cost-efficient return on its cybersecurity investment.
Understanding the enemy Knowledge is the foundation of the intelligence-driven approach. Cybersecurity professionals widely agree that 80% of all intrusion attempts are carried out using low-cost attack mechanisms that typically can be stopped through best practices, proper configurations and comprehensive network monitoring.
It is the other 20% - the advanced threats - that present the greater danger. These attacks are typically designed to establish a presence deep inside the targeted network, where they can disable or circumvent security tools to exfiltrate data or - the primary concern of the energy industry - to damage operational systems that control the grid. Here’s where knowledge of the attackers’ tactics, techniques and procedures becomes invaluable.
To protect our company’s own systems and those of our critical government and commercial clients, we have extensively studied advanced threats and developed a detailed description of the seven-phase Cyber Kill Chain that characterizes their progression.
When an attempted intrusion has been detected, the kill chain methodology allows cyber professionals to determine the phase of the attack and extrapolate how it would have played out had it not been detected. The security team is able to analyze and document the anatomy of the attack, perform system-wide mitigation, and install customized defenses and mitigations against similar attacks at each phase of the kill chain that increases the attackers’ cost and complexity while reducing the likelihood of future successful attacks.
Moreover, our company compiles information about each intrusion it encounters in a database that increases its security intelligence. To stay ahead of evolving threats, the corporation tracks more than 30 adversarial groups and continually generates new detection capabilities, intelligence management practices and technologies to mitigate them.
Importance of collaboration The effectiveness of this approach is multiplied when companies work together to identify threats and share cyber intelligence. Employed with great success by the defense industrial base, collaboration also has been taking hold in the energy, financial services and healthcare industries, which by their natures recognize the importance of cooperation.
In addition to providing cybersecurity services to several major energy companies, we have been working with cybersecurity analysts from leading utilities in regular webinars that complement real-time collaboration within the energy industry. Members of this information-sharing community provide one another with insights, concerns, best practices and actionable intelligence so that security solutions do not have to be continually reinvented. Industry-wide collaboration also is evident in initiatives that provide common cybersecurity training and joint simulations.
This approach will play an essential role in the energy industry’s ability to “connect the dots” and address the cybersecurity challenge inherent in the growth of smart grid technologies. A good example is American Electric Power’s gridSMART project, which we support through cybersecurity intelligence management applications and services.
The challenges ahead As automation and smart grid technologies continue to improve the efficiency of power distribution in North America and throughout the world, there is no shortage of challenges to protect the industry from malicious attacks. Securing mobile communication devices, advanced equipment and control systems will require close collaboration between utility companies and vendors to ensure that robust cybersecurity is integrated into all aspects of the power grid architecture.
Perhaps most important, however, will be the continued adoption of knowledge management and collaborative practices to establish a comprehensive, proactive defense against advanced and continuously evolving cyber threats. This will require a firm commitment by the industry to recruit and train cybersecurity professionals and to maintain cybersecurity as a priority focus of the industry.
Our energy practice is already seeing a stepped-up commitment by many of the industry’s leading companies, which are applying best practices and expertise to define their security strategies and prioritize their spending for maximum impact. The industry is recognizing that as the sophistication of its infrastructure grows, so must the sophistication of its approach to cybersecurity.
Just as smart technologies are the future of the energy industry, intelligence-driven cybersecurity that combines technology, knowledge and collaboration is the future of the industry’s protection.
Rich Mahler is senior manager of energy and cyber services at Lockheed Martin. Based in Bethesda, Md., Lockheed Martin is a global security and aerospace company that is engaged in the research, design, development, manufacture, integration and sustainment of advanced technology systems, products and services.
