High end State and criminal hackers are targeting the utility sector on a daily basis. Despite the sector’s recognition of their cyber threat landscape, trends and best practices, many small and mid-sized utilities do not have the resident expertise to effectively identify, prioritize and mitigate key cyber risks.
Below is a 4 Point Plan to addressing key utility sector cybersecurity risks in real time:
1) Optimize an annual cybersecurity audit or baseline by:
- Updating and aligning current audit questionnaires
- Automating questionnaires to enable AI driven data analytics of trends and documentation of issues by region and sector
- Providing seamless access to affordable and impactful risk mitigation services that map to audit issues.
2) Implement affordable access to best of breed cyber risk ratings, continuous monitoring and mitigation services sector wide, enabling a majority of risks to be affordably identified and addressed in real time.Focus Limited Resources on identified Top Risk Priorities. A risk-based approach identifies data assets that are the most important to an operation. Rather than getting buried under the avalanche of threat alerts, this will enable a company to take their limited resources and focus on the assets that matter the most. BitSight Security Rating Platform generates measurements on a company’s security performance to produce daily security ratings. To learn how to reduce security risk with BitSight Security Ratings click here.
3) Maintain Inventory of Control System Devices: Control systems have a number of security risks that are often overlooked, including hardware-based, unsupported software, slow response to patch, and poor physical security. Maintaining inventory will help eliminate exposure to devices and external networks, thereby preventing cyber threat actors from finding pathways that will allow access to exploit control systems. A detailed inventory of control systems, including all hardware and software controls utilized in support of operations, information pertaining to device/model type, and a serial number is part of effective protection. It can mean the difference between minutes versus days when assessing vulnerabilities.Tanium can help make the right decisions about asset utilization with fresh and accurate inventory information.
4) Leverage the Following Best of Breed Technologies:
-Implement Operational Technologies (OT) for improvements in unified monitoring and detection strategies to address threats;
-Industrial Control Systems (ICS) Sensor, which provides an opportunity for improvement in unified monitoring and detection strategies to address threats. Radiflow is a leading provider of cybersecurity for ICS and SCADA networks in the utility sector;
-Sandbox Technologies is a software management strategy that isolates applications from critical systems and other programs, and;
-Implement technologies in OT and ICS that identify threat vectors and include the use of honey pots to attract and trap adversaries. D3 Security is a single incident management solution that enables situational awareness across cyber threats, risk assessments and the status of compliance with standards such as NERC.
To tackle increasing cyber risks, companies need to put cybersecurity measures at the very heart of the business.