Securing the energy revolution and the future of the IoT


In early 2021, Americans living on the East Coast learned a sharp lesson about the growing importance of cybersecurity in the energy industry. A ransomware attack struck the company that operates the Colonial Pipeline, the main infrastructure artery that carries nearly half of all liquid fuels from the Gulf Coast to the eastern United States. Knowing that at least some of its computer systems had been compromised, and unable to be sure of the extent of the problem, the company was forced to resort to a brute-force solution: shutting down the entire pipeline.

Leo Simonovich is the Vice President and Global Head of Industrial Cyber and Digital Security at Siemens Energy.

The disruption of the fuel supply had huge consequences. Fuel prices immediately jumped. The president of the United States got involved, trying to reassure panicked consumers and businesses that fuel would soon be available. Five days and untold millions of dollars in economic damage later, the company paid a $4.4 million ransom and resumed operations.

It would be a mistake to view this incident as the story of a single pipeline. In the energy sector, more and more of the physical equipment that produces and moves fuel and electricity across the country and around the world relies on digitally controlled, grid-connected equipment. Systems designed and engineered for analog operations have been upgraded. The new wave of low-emission technologies – from solar to wind to combined cycle turbines – are essentially digital technologies that use automated control to squeeze every bit of efficiency out of their respective energy sources.

Meanwhile, the COVID-19 crisis has accelerated a separate trend towards remote control and increasingly complex automation. A huge number of workers have switched from reading dials in a plant to reading screens on the couch. Powerful tools that change the way power is produced and directed can now be operated by anyone who knows how to log in.

These changes are great news – the world is getting more energy, lower emissions and lower prices. But these changes also highlight the types of vulnerabilities that led to the abrupt shutdown of the Colonial Pipeline. The same tools that make legitimate workers in the energy sector more powerful become dangerous when they are hijacked by hackers. For example, difficult-to-replace equipment can be given commands to shake itself to pieces, putting parts of the national grid out of commission for months.

For many nation states, the ability to push a button and wreak havoc on the economy of a rival state is highly desirable. And the more energy infrastructure becomes hyper-connected and digitally managed, the more targets offer just that opportunity. It is therefore not surprising that an increasing proportion of cyberattacks observed in the energy sector have shifted from information technology (IT) to operational technology (OT), the equipment that directly controls a plant's physical operations.

To stay on top of the challenge, Chief Information Security Officers (CISOs) and their Security Operations Centers (SOCs) will need to update their approaches. The protection of operational technologies requires different strategies – and a separate knowledge base – from the protection of information technologies. For starters, defenders need to understand the operating condition and tolerances of their assets – a command to push steam through a turbine works well when the turbine is hot, but can break it when the turbine is cold. Identical commands can be legitimate or malicious, depending on the context.

Even collecting the contextual data needed to monitor and detect threats is a logistical and technical nightmare. Typical energy systems consist of equipment from several manufacturers, installed and upgraded over decades. Only the most recent layers were built with cybersecurity as a design constraint, and almost none of the machine languages used were ever designed to be compatible.

For most companies, the current state of cybersecurity maturity leaves much to be desired. Almost omniscient views of IT systems are combined with large blind spots in OT. Data lakes swell with carefully collected outputs that cannot be combined into a coherent, comprehensive picture of the operational state. Analysts burn out from fatigue as they try to manually sort benign alerts from consequential events. Many companies cannot even make an exhaustive list of all the digital assets legitimately connected to their networks.

In other words, the ongoing energy revolution is a dream of efficiency – and a nightmare of security.

Securing the energy revolution requires new solutions that are equally capable of identifying and responding to threats from the physical and digital worlds. Security Operations Centers will need to integrate IT and OT information flows, creating a unified threat stream. Given the scale of the data flows, automation will have to play a role in applying operational knowledge to generate alerts – is this command compatible with normal operation, or does the context indicate that it is suspicious? Analysts will need broad, deep access to contextual information. And protection will have to grow and adapt as threats develop and businesses add or retire assets.
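The question posed above, and the hot-versus-cold turbine case described earlier, can be sketched as a join between the command log and OT telemetry. This is an added example, not Siemens Energy's code or a description of how Eos.ii works; the asset names, the command name, the temperature and valve thresholds and all sample records are constructed assumptions.

```python
from bisect import bisect_right

# Constructed OT telemetry: (unix_time, asset, casing_temp_c).
TELEMETRY = [
    (1000, "turbine-1", 42.0), (1600, "turbine-1", 180.0),
    (2200, "turbine-1", 410.0), (1000, "turbine-2", 415.0),
]
# Constructed command log: (unix_time, user, asset, command, valve_percent).
COMMANDS = [
    (1050, "op_a", "turbine-1", "OPEN_STEAM_VALVE", 80),
    (2300, "op_a", "turbine-1", "OPEN_STEAM_VALVE", 80),
    (1100, "op_b", "turbine-2", "OPEN_STEAM_VALVE", 80),
    (5000, "op_b", "turbine-2", "OPEN_STEAM_VALVE", 80),
]
MIN_TEMP_C = 350.0      # assumed: below this the turbine counts as cold
MAX_VALVE_COLD = 10     # assumed: largest valve opening allowed while cold
MAX_AGE_S = 900         # assumed: older telemetry is too stale to trust

def latest_reading(asset, t):
    """Most recent (time, temp) for the asset at or before t, else None."""
    series = sorted((ts, temp) for ts, a, temp in TELEMETRY if a == asset)
    i = bisect_right(series, (t, float("inf")))
    return series[i - 1] if i else None

def classify(cmd):
    """Judge one command against the physical state it was issued into."""
    t, _user, asset, name, value = cmd
    if name != "OPEN_STEAM_VALVE":
        return "ok"
    reading = latest_reading(asset, t)
    # A blind spot is its own finding: without fresh context the command
    # can be neither cleared nor condemned.
    if reading is None or t - reading[0] > MAX_AGE_S:
        return "no-context"
    if reading[1] < MIN_TEMP_C and value > MAX_VALVE_COLD:
        return "suspicious"  # identical command, wrong operating state
    return "ok"

def triage(commands):
    """Verdicts in time order, keeping the user for follow-up."""
    return [(c[0], c[1], c[2], classify(c)) for c in sorted(commands)]

if __name__ == "__main__":
    for row in triage(COMMANDS):
        print(row)
```

The four sample commands are byte-for-byte identical apart from time and target; only the telemetry join separates them, and the last one shows why missing OT data has to surface as a finding instead of a silent pass.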

This month, Siemens Energy launched a monitoring and detection platform aimed at addressing the main technical and capacity challenges for CISOs charged with critical infrastructure protection. Siemens Energy engineers have done the work needed to automate a unified threat stream, allowing their offering, Eos.ii, to serve as a unified SOC capable of unleashing the power of artificial intelligence on the challenge of monitoring energy infrastructure.

AI-based solutions meet the dual need for adaptability and constant vigilance. Machine learning algorithms, when trawling vast amounts of operational data, can learn the expected relationships between variables, recognize patterns invisible to the human eye, and highlight anomalies for human investigation. Because machine learning can be trained on real data, it can learn the unique characteristics of each production site and can be retrained to distinguish between benign and consequential anomalies. Analysts can then tune the alerts to monitor for specific threats or ignore known noise sources.

Expanding monitoring and detection into the OT space makes it difficult for attackers to hide, even when they use unique zero-day attacks. In addition to studying traditional signals such as signature-based detection or network traffic spikes, analysts can now observe the effects that new inputs have on real equipment. Cleverly disguised malware would still raise red flags by creating operational anomalies. In practice, analysts using artificial intelligence-based systems have found that their Eos.ii detection mechanism is sensitive enough to predict maintenance needs, such as when a bearing begins to wear out and the ratio of steam in to energy out begins to deviate.
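Learning an expected relationship between variables and flagging sustained deviation from it can be illustrated with a simple fitted line for steam in versus power out. This is an added example using ordinary least squares as a stand-in, not the Eos.ii model or any Siemens Energy code; the baseline data, live samples, the 3-sigma threshold and the three-sample run length are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed baseline from normal operation: steam in (t/h), power out (MW).
STEAM = [100, 110, 120, 130, 140, 150, 160, 170, 180, 190, 200]
NOISE = [0.2, -0.2, 0.1, -0.1, 0.0, 0.2, -0.2, 0.1, -0.1, 0.0, 0.0]
POWER = [0.3 * s + 5 + n for s, n in zip(STEAM, NOISE)]

# Constructed live samples at constant steam flow; output sags from index 3.
LIVE = [(150, 50.1), (150, 49.9), (150, 50.0), (150, 49.2),
        (150, 49.0), (150, 48.8), (150, 48.6)]

def fit(xs, ys):
    """Least-squares line and the spread of its residuals on the baseline."""
    mx, my = mean(xs), mean(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    slope = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sxx
    intercept = my - slope * mx
    residuals = [y - (slope * x + intercept) for x, y in zip(xs, ys)]
    return slope, intercept, pstdev(residuals)

def first_drift(model, samples, k=3.0, run=3):
    """Index of the sample that completes `run` consecutive residuals
    beyond k sigma, or None. Requiring a run keeps one noisy reading
    from paging an analyst while still catching sustained drift."""
    slope, intercept, sigma = model
    streak = 0
    for i, (steam, power) in enumerate(samples):
        residual = power - (slope * steam + intercept)
        streak = streak + 1 if abs(residual) > k * sigma else 0
        if streak >= run:
            return i
    return None

if __name__ == "__main__":
    model = fit(STEAM, POWER)
    print("model:", model)
    print("drift confirmed at sample:", first_drift(model, LIVE))
```

The same residual test does not care whether the cause is a worn bearing or a manipulated setpoint, which is why an operational anomaly is useful to both maintenance and security teams.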

Done properly, monitoring and detection that covers both IT and OT should leave intruders exposed. Analysts who investigate alerts can trace user histories to determine the source of anomalies, and then go back to see what else changed in a similar period of time or under the same user. For energy companies, increased precision means drastically reduced risk – if they can determine the extent of an intrusion and identify which specific systems have been compromised, they gain the option of surgical responses that solve the problem with minimal collateral damage – say, shutting down a branch and two pumping stations instead of an entire pipeline.

As energy systems continue their trend toward hyperconnectivity and widespread digital control, one thing is clear: a company's ability to provide reliable services will depend more and more on its ability to create and maintain strong, accurate cybersecurity. AI-based monitoring and detection offers a promising start.

To learn more about Siemens Energy’s new AI-based monitoring and detection platform, check out their latest Eos.ii white paper.

Learn more about Siemens Energy’s cybersecurity at Siemens Energy Cybersecurity.

This content was produced by Siemens Energy. It was not written by the MIT Technology Review.
