The potential for cyber attacks on utility companies providing water or power to a country is very real. Indeed, utilities are hacked more often than many think. There are plenty of scary examples, such as North Korea allegedly targeting US electricity firms, the WannaCry ransomware worm earlier this year or the infiltration of a New York dam in 2013.
Much of the time hackers are just testing out different areas for vulnerabilities rather than being out to cause destruction or take control. But terrorism always remains one clear and present danger. I know a lot of security professionals within utilities who are increasingly convinced they will face an attack in the next few years. This piece from Wired paints an interesting, and perhaps worrying, picture of how and why it happens.
Now, it would take great planning and skill to cause a doomsday scenario: one with an impact on a scale vast enough to cripple businesses, consumers and an economy. Experts know the risks, but could, as this Bloomberg article suggests, the lights go out in America? Utility companies always work hard to combat cyber attacks and each has its own stringent security protocols. However, too many still rely on legacy IT, presenting a real risk from unpatched or older software, hardcoded passwords and a lack of expertise for repairs and upgrades.
More security services can always be put into place, but too often these are not based on a single provider, a partner who can secure business infrastructure within the cloud as well as on-premises. This may be due to apprehension among IT directors, CTOs and CEOs over the cost of taking on such a huge project and its resulting complexity. However, spending money on random bits of software eventually creates havoc when integrating everything with current technologies, and it offers a low ROI as it will soon need upgrading or replacing.
Should an attack occur, one single provider means a dedicated contact to go to for help, instead of wasting precious time trying to work out who is responsible for a single piece of infrastructure operating in a silo. An MSS provider has the knowledge and expertise to secure a business. They will have 24/7 Security Operations Centres and specialised security staff in these SOCs to monitor all elements of your infrastructure. This ensures you receive real-time updates on what is happening, spot any potential threats fast and get immediate notifications of attacks that need your attention. This Computer Weekly article delves deeper into the reasons why MSS could represent the practical choice.
While there are no Government regulations to force the implementation of MSS, it should surely be best practice in an industry so reliant on constantly at-risk technology. But MSS is just one aspect. Utility companies must recognise the need to start moving their systems and infrastructure to cloud-based hosting. This will be harder for large incumbents who have been using on-premises equipment for years.
Such streamlining, though, means security teams get better visibility into their business to identify the risks and areas that need security focus, as well as an understanding of where money can be spent most effectively. Aligning cloud with MSS gives confidence that incident response services are on hand while filtering out false alarms.
There are two key elements to consider:
- Real-time event and log file monitoring - creating a platform which can collect and track incidents in real time. Once advanced analytics have been applied and the incidents categorised into a single dashboard, they can easily be sent to an expert team for review.
- Managing and responding to incidents - by proactively monitoring an IT environment, you are able to analyse trends to identify and then respond to threats. This provides visibility and critical feedback on what has happened.
At CenturyLink, we fully understand the issues and reservations utility incumbents have. But we also understand how MSS and cloud-based hosting are imperative for their future. The power now rests in their hands alone to mitigate future risks of a powerful surge in attacks.