Five Steps for Strengthening Your Energy Cybersecurity Plan
Cybersecurity concerns are mounting for all businesses, but the energy sector has reason to be particularly concerned. According to Fortinet, the energy industry is ranked sixth among all industries for the prevalence of ransomware detections. With critical infrastructure, significant investments, and even physical safety at stake, what should you do to counter these cybersecurity threats in the energy sector?
We have a five-step guide for strengthening the energy cybersecurity posture in modern power plants:
- Analyze your current state
- Tackle IT and OT security issues
- Address issues that affect resilience
- Make a plan for recovery
- Take proactive modernization measures
Following these steps is an excellent way to ramp up your energy cybersecurity plan so you can minimize the chances of a successful breach.
Step 1: Analyze Your Current State
You can’t secure what you don’t know, so analyzing your current environment and where it stands is a necessary first step. Like many power plants, the environment might be a patchwork of technology spread out over multiple locations. Start with updating network diagrams to make sure all IT and OT assets are accounted for and you know how data flows between the assets.
Once you have a clear picture of the IT and OT networks you need to determine the security controls that must be met. NERC requirements and NIST 800-23 are power industry standards. Many organizations are adopting additional comprehensive security standards that exceed NERC requirements, such as CIS Critical Controls or NIST 800-53. Compare what you currently have to where you need to be to get your next steps for remediation.
As part of the analysis stage, it’s also important to interview key stakeholders to know how the environment operates, key aspects to be aware of, and vendors to take into consideration.
It can be helpful to hire a third-party partner to help with this discovery stage or perform a full gap analysis. At ProArch, for example, we help our clients in the power generation industry understand where their energy cybersecurity and compliance gaps are and make a plan for tackling them.
Step 2: Tackle Issues Affecting OT Security Posture
As you map out your current state, you will likely discover security or compliance gaps that need to be remediated. It’s important to resolve security issues by order of risk. An issue that often comes up in power plants is inadequate security in the OT environment. This may include a system that recently opened up communications between the IT and OT sides of the business, allowing the OT environment to communicate with systems it shouldn’t be able to. OT systems are the backbone of power generating facilities so any risks to those systems are critical to resolving.
To address this issue, these action items may be necessary:
- Take information out of segmented networks and extract data over to the IT side
- Update your OT patching levels to be on par with those you have for IT.
- Ensure data sharing is properly controlled through good boundaries that allow data to flow outbound from the network but not inbound.
Step 3: Address Issues That Affect Resilience
The next step to strengthening energy cybersecurity is to remediate concerns that impact resilience. This is crucial for critical infrastructure—you have to minimize downtime, meet compliance requirements, and keep up your side of contract commitments.
Unfortunately, critical infrastructure is a prime target for bad actors, and the average critical infrastructure vulnerability exists “in the wild” for 1,897 days, according to Gartner. In critical infrastructure attacks, cybercriminals know they have the upper hand due to the ripple effect of damage that can occur.
To be as prepared as possible for such extreme disruptions, it’s crucial to operate in as much of a supported state as possible and implement security controls that compensate for any gaps you may have.
What else can you do to ensure that your power plant’s security is resilient?
- Follow the founding principle of operating with the least amount of privilege possible: zero trust. Your system has to understand every process, asset, and security setting, then apply the least privileged access to ensure you’re operating in a secure environment.
- Set up governance. Once you have set up controls, you need to maintain them. Limit who can make changes, implement an approval process, and implement standards that are applicable to the security of the OT spaces.
- Implement 24/7 monitoring. Threats are always happening; you can’t afford to monitor only part-time.
- Consider increasing your budget allocation to the OT side so that you can leverage modern, OT-specific security tools that can detect threats in those assets.
Step 4: Ensure You Have the Ability to Recover and Respond
The next key step in your energy cyber security journey is to plan for the worst. If a breach does occur, you need to be able to recover and minimize downtime as much as possible.
When it comes to data, your backups are the only way to recover compromised data. But if backups aren’t secure, they can also be compromised making your data inaccessible and forcing you to pay the ransom with no guarantee you’ll receive the data.
“Because cyberattacks occur more and more often, it seems almost impossible to assure yourself that your data won’t be corrupted or stolen,” says Alexa Drake at G2. “Taking precautions against possible data breaches and backing up your sensitive data should be at the forefront of your mind.”
It’s also key to create an incident response plan so that you know what to do and when in the event of a breach. That means that you’re not starting from scratch every time there’s an incident and are unsure what to do. Also, perform tabletop exercises of your plan so your team can practice responding to theoretical threats. That way when a breach does occur, you can think clearly and act quickly.
Step 5: Take Proactive Modernization Measures
Once you have completed steps 1 through 4, it’s time to fill in any remaining best practices gaps in your environment. Make sure your servers are modern, hardened, and updated. Implement systems that can monitor and view all potential risks. Utilize the Cloud where you can to alleviate the burden of security management.
Filling in all of these gaps may seem like a challenge, especially considering the inherent complexity of the energy cybersecurity sector. This is where automation can be a game changer. Security automation along with a Managed Detection and Response program allows your team to do more with less. In addition to automation, a partner can be key for filling gaps in your security operations. The team at ProArch, for example, can be a partner through a full-on solution or simply be an on-call escalation point.
Cybersecurity threats are particularly concerning for the power industry and energy industries, so leaders should take steps now to strengthen and modernize their security posture. A good start is following our five-step guide: analyze your current state, address immediate issues, tackle issues that affect resilience, plan for recovery, and take proactive modernization measures.
If your IT team is already stretched thin, consider consulting a partner to fill in the gaps in your energy cybersecurity plan. At ProArch, we can help keep your power plant secure and monitor your OT and IT assets. Learn more here.