Fight crime with a culture change
Russ Madley explains why energy networks are in desperate need of a culture change
27th June 2016 by Networks
There has been speculation recently that the late 2015 power outages in Ukraine were in fact the result of a deliberate attempt to knock the power grid offline. One way or another, the threat to critical infrastructure is definitely something that governments and companies responsible for such installations must take seriously.
With the majority of cyberattacks, a hacker’s motivation is driven by financial gain. But on other occasions, hackers aim to disrupt the lives of as many people as possible – and successfully infiltrating a power supplier would be a perfect way to do this.
One of the main problems is that organisations in an industrial and/or critical infrastructure setting generally place a much higher priority on continuity of processes than on data protection.
So software and systems often go unpatched for extended periods, with their operators relying on air-gaps, firewalls and sandboxing to protect from malefactors – and neglecting or deprioritising good security hygiene at an endpoint level. This not only makes them attractive targets for cybercriminals, but increases their risk of becoming collateral victims of rogue malware. In fact, it’s estimated that up to 80% of control system security incidents are unintentional.
It’s clearly important that systems are secured effectively, to prevent them being compromised. Yet the truth has always been that, despite all efforts, there’s no such thing as 100% security.
For example, in 2011, after the targeted attack on RSA, there was an attempt to breach the systems of Lockheed Martin: this highlights the dangers of ‘stepping-stone’ attacks, in which information stolen from further along the supply chain of a company can be used in a subsequent attack (sometimes using a smaller, potentially less secure organisation to gain access to a larger one).
It is no longer about protecting corporate endpoints, networks and traffic with a robust security solution – it’s about a deep, multi-layered, tailored and continuous approach to security.
Partner networks, education and training all play a critical role in protecting critical infrastructures, but governments must step up too. Regardless of whether cyberattacks on critical infrastructure are motivated by politics or piracy, they will continue and increase unless they are stopped, and stopped now.
Russ Madley head of B2B at Kaspersky Lab
Login on register to comment
The future for vegetation management
Why networks should focus on data not trees to overcome the costly challenges involved in vegetation management
An unprecedented opportunity for change
Why short interruptions will matter in RIIO-ED2 and how to address them.
Time for less talk and more action on decarbonisation
Core "oven-ready" solutions to decarbonising heat and transport exist today and should be implemented without delay, says WPD's future power networks expert.
Related supplier content
Load patterns and lockdown: how Covid-19 is impacting electricity networks
Insights into dynamics on the low voltage network as the outbreak unfolds
How E.ON. is helping the City of London become a zero emissions city
Discover Citigen. Deep in the heart of our bustling capital
The Innovation Factor: Managing the transition to smart communication technologies in the electricity distribution sector white paper
The transition from legacy communications systems to new technologies can seem daunting for organisations in the electricity sector. But with market dynamics changing rapidly