The utility industry faces a significant challenge: provide service continuity while keeping persistent threats at bay.
The utility sector is vital to the successful functioning of modern society and economies. Whether it’s electricity generation, oil and gas, telecom, or water, the services these organizations provide are essential for people to work and live and for businesses to operate.
These organizations are generally well-established and have large-scale sites and operational facilities that need to be kept physically secure. Less obviously, but equally importantly, the technology infrastructure that runs the operations of these types of organizations also needs to be kept secure.
Due to the vital role these organizations play, they are attractive targets for threat actors wanting to cause serious disruption through cyberattacks. The motivations vary: hacktivists want to make a political point, hostile nation-states want to cause economic damage, and criminals seek to extort money.
Utility organizations are also vulnerable because of the operational technology (OT) they rely on to provide their services, much of which has been in place for decades. This includes industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems.
Due to their age and the way in which they operate, these systems were historically separate from external networks, giving them a high level of network security.
However, with the increasing need for these OT systems to interact with external devices such as smart meters as part of the Internet of Things, and to connect to the internet to provide a digital customer experience, their attack surface has expanded, leaving them more vulnerable to threats.
As for the specific threats that the utility sector faces, Distributed Denial-of-Service (DDoS) is the most common type of attack, with threat actors bombarding services with web traffic until they can no longer function. According to analytics firm Netscout’s Cyber Threat Horizon tracker, there were 1,780 DDoS attacks on utility providers globally between June 15 and August 21, 2020, a 595 percent year-on-year increase.
Ransomware is also on the radar, as the disruption that threat actors could cause by attacking utility operations could be sizeable. For example, stopping the generation of electricity could see millions of people and essential services left without power, promising a lucrative payday to get systems operational again. Disruption to telecom businesses, meanwhile, could hamper important communications services needed by essential services, businesses, and private individuals.