Friday, June 5, 2015

Integration of IT/OT driving utility cybersecurity




As the world becomes more integrated and connected, once-overlooked vulnerability points are evolving into potential threat targets. Increasing the threat are smart technologies like the Internet of Things, cloud, and mobility coupled with multiple networks and diversified assets. The use of a common information technology platform and networking hardware to communicate with substation intelligent electronic devices (IED) also makes cybersecurity a growing concern.
Efforts to counter these mounting threats are fueling cybersecurity adoption in the U.S. power industry, and layered solutions can help reduce vulnerabilities related to remote access. The scale of security implementation will depend on the industry's capability to integrate the information technology (IT) and operational technology (OT) worlds, according to Frost & Sullivan.
Security intelligence and event management (SIEM) and real-time threat processing will be the most prevalent on-demand security intelligence platforms as traditional use cases for SIEM in compliance, storage, and forensic investigations remain crucial and, in some cases, indispensable where SIEM capabilities must be used to develop and bolster an integrated cyber-defense platform.
"The business case… is strong as vendors use advanced analytics, statistical baselines, and network behavioral anomaly detection to prevent data exfiltration," explained Frost & Sullivan Network Security Industry Analyst Christopher Kissel. "To block network access from a bad IP address, SIEM engines employ bidirectional communication with other security platforms such as next-generation firewalls, intrusion detection and intrusion protection systems, and network access control."
However, SIEM engines also compete with endpoint security platforms and cyber-defense platforms, vying for limited budgets and lowering scope for adoption. Furthermore, a timing element might obstruct threat mitigation once a miscreant reaches the SIEM, affecting reliability, Frost & Sullivan says.
Nevertheless, in most cases, the analytics applied to SIEM may be the last opportunity a network security team has to detect a breach before wide exfiltration occurs. Moreover, intense competition among big industry players like Hewlett-Packard, Intel Security, RSA, IBM, Splunk, and LogRhythm is accelerating technology advancements, according to Frost & Sullivan.
"The ability to ingest, index and cross-correlate network and application telemetry will become a product differentiator," said Kissel.
Networks, such as those present in utilities and critical infrastructure facilities, send and receive large volumes of sensitive data in real time outside industrial networks. Meanwhile, the deployment of smart grids presents the issue of data privacy.
"Employing a layered or in-depth defense strategy will help reduce vulnerabilities," said Frost & Sullivan Industrial Automation and Process Control Senior Research Analyst Sonia Francisco. "Monitoring and controlling endpoints and networks through multifactor authentication, and restricted process area access can go a long way in overriding the risks of distributed assets."
While regulatory compliance is the main driver for uptake of cybersecurity, utilities remain unsure of the reliability and returns associated with investing in these solutions. End users remain skeptical since there is never a guarantee of full protection even with the use of firewalls, intrusion detection and prevention systems, as all software-based solutions are penetrable.
The lack of awareness of the implications of keeping unprotected assets and the increasing complexity of regulations also deter utilities from deploying cybersecurity systems. Moreover, products are often provided by niche suppliers that do not commonly work with enterprise IT platforms, and therefore do not meet the needs of end users.
"Air gapping coupled with the use of proprietary communication protocols was, for a long time, the primary strategy employed by various power utilities. In a world that's becoming defined by closer integration and connectivity, successful implementation of industrial security solutions in the future will depend on the seamless merging of information technology and operational technology," Francisco contends.