Guard Against Cybersecurity Risks by Understanding Weaknesses

It’s not easy to protect something you don’t know you have. And yet, many power utilities have been attempting to do just that for years.

The fact is, it’s not unusual for utilities to be unaware of potential risks to their generation, transmission and distribution networks. Old systems that have been deactivated, for example, might still reside on a network and be vulnerable to exploitation.

Unidentified traffic, from sources ranging from disgruntled employees to nation-states, may be lurking, looking for opportunities to take control of and wreak havoc on the grid.

What utilities don’t know about their networks, in other words, can hurt them. That’s why the key to effective cybersecurity planning is visibility.

Visibility means knowing what is normally present on a network so you can recognize when an anomaly occurs. Once a utility takes a deep dive to identify its assets and the traffic that should be accessing them, it becomes easier to design cybersecurity measures that help protect, detect and respond to weaknesses and threats.
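
As an added illustration (not part of the original article), the sketch below compares observed network flows against an asset inventory and a baseline of expected conversations, flagging unknown hosts, deactivated systems that are still communicating, and known assets talking in ways the baseline does not expect. All addresses, asset names and flows are constructed sample data, and the `classify` and `review` helpers are hypothetical.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst port")

# Constructed asset inventory: address -> (name, status).
INVENTORY = {
    "10.10.1.10": ("scada-hmi-1", "active"),
    "10.10.1.20": ("rtu-substation-a", "active"),
    "10.10.1.30": ("historian-old", "decommissioned"),
}

# Constructed baseline of conversations that are expected on this network.
BASELINE = {
    ("10.10.1.10", "10.10.1.20", 20000),  # HMI polling the RTU over DNP3
}

# Constructed observations, e.g. summarized from flow logs.
OBSERVED = [
    Flow("10.10.1.10", "10.10.1.20", 20000),  # matches the baseline
    Flow("10.10.1.30", "10.10.1.20", 20000),  # deactivated system still talking
    Flow("192.0.2.55", "10.10.1.10", 3389),   # source not in the inventory
    Flow("10.10.1.20", "10.10.1.10", 22),     # known assets, unexpected conversation
]

def classify(flow):
    """Return a list of findings for one flow; an empty list means it is expected."""
    findings = []
    for role, addr in (("source", flow.src), ("destination", flow.dst)):
        asset = INVENTORY.get(addr)
        if asset is None:
            findings.append(f"unknown {role} {addr}")
        elif asset[1] == "decommissioned":
            findings.append(f"decommissioned asset {asset[0]} still active as {role}")
    # Only check the baseline once both endpoints are known, active assets.
    if not findings and (flow.src, flow.dst, flow.port) not in BASELINE:
        findings.append("known assets, conversation not in baseline")
    return findings

def review(flows):
    """Map each anomalous flow to its findings, dropping expected traffic."""
    return {f: r for f in flows if (r := classify(f))}

if __name__ == "__main__":
    for flow, reasons in review(OBSERVED).items():
        print(f"{flow.src} -> {flow.dst}:{flow.port}  {'; '.join(reasons)}")
```
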

A Two-Pronged Approach

To be effective, a power utility’s security measures should include both vulnerability assessment and monitoring tools, each of which plays a distinct role in minimizing the risk of a breach.

Vulnerability assessments shine a light onto potential problems in a network or device at a specific moment in time. These assessments can take two forms. Most common are passive vulnerability assessments, paper-based tests that analyze how a system is configured and review its outputs against benchmarks.

Active vulnerability assessments involve sophisticated software that scans a device or network, looking for weaknesses that could result in a security breach. Active vulnerability assessments carry more risk than passive ones because they have the potential to negatively impact a system. But they also provide a broader picture of system vulnerability.

Because conditions constantly change, it takes more than a periodic vulnerability assessment to protect the grid. It also requires continuous monitoring of system behavior, so a utility can be alerted if an abnormality occurs.

Security information and event management (SIEM) software provides real-time insights into who is on a network and what they are doing. Intrusion prevention systems (IPS) complement SIEM by monitoring network or system activities, looking for patterns of behavior or anomalies that suggest malicious intent.

Deciding which of these security tools to implement depends on the device or network’s criticality to the grid and the potential risks it poses. That’s why asset identification is the first step toward cybersecurity.

Written by John Biasi
John Biasi is a senior consultant in critical infrastructure cybersecurity, risk and reliability at 1898 & Co., part of Burns & McDonnell. He has extensive experience directing a broad range of IT security initiatives in planning, analysis and implementation of solutions in support of business objectives, and he has hands-on experience leading all aspects of network design on high-profile projects. John has a bachelor's degree in information technology and a Master of Business Administration in cybersecurity management from Excelsior College.
