Securing the energy revolution and the future of IoT

In early 2021, Americans living on the East Coast received a harsh lesson about the growing importance of cybersecurity in the energy industry. A ransomware attack hit the company that operates Colonial Pipeline, the main infrastructure artery that carries nearly half of all liquid fuels from the Gulf Coast to the eastern United States. Knowing that at least some of its IT systems had been compromised and it could not be sure of the extent of its problems, the company was forced to resort to a brute force solution: shutting down the entire pipeline.

Leo Simonovich is Vice President and Global Head of Industrial Cybersecurity and Digital Security at Siemens Energy.

The disruption of the fuel supply had enormous consequences. Fuel prices skyrocketed immediately. The president of the United States got involved, trying to assure panicked consumers and businesses that fuel would be available soon. Five days and untold millions of dollars in economic damage later, the company paid a $4.4 million ransom and reestablished operations.

It would be a mistake to see this incident as the story of a single pipeline. Across the energy sector, more and more of the physical equipment that produces and transports fuel and electricity across the country and around the world relies on digitally controlled network equipment. Systems designed and manufactured for analog operation have been modernized. The new wave of low-emission technologies, from solar to wind to combined-cycle turbines, is inherently digital, using automated controls to squeeze every efficiency out of its respective power source.

Meanwhile, the Covid-19 crisis has accelerated a separate trend toward remote operation and increasingly sophisticated automation. Many workers have gone from reading dials in a plant to reading screens from their sofa. Anyone who knows how to log in can now operate powerful tools that change the way power is generated and routed.

These changes are great news: the world gets more energy, fewer emissions, and lower prices. But they also highlight the kinds of vulnerabilities that abruptly brought the Colonial Pipeline to a halt. The same tools that make legitimate energy workers more powerful become dangerous when hijacked by attackers. For example, hard-to-replace equipment can be given orders that tear it apart, taking parts of a national grid out of service for months at a time.

For many nation-states, the ability to push a button and wreak havoc on a rival state’s economy is highly desirable. And the more the energy infrastructure is hyperconnected and digitally managed, the more targets offer exactly that opportunity. Not surprisingly, then, a growing share of the cyberattacks observed in the energy sector has shifted from focusing on information technology (IT) to focusing on operational technology (OT), the equipment that directly controls the plant’s physical operations.

To stay on top of the challenge, CISOs and their security operations centers (SOCs) will need to update their approaches. Defending operational technology requires different strategies, and a different knowledge base, than defending information technology. For starters, defenders need to understand the operational status and tolerances of their assets: a command to push steam through a turbine works fine when the turbine is hot, but can break it when the turbine is cold. Identical commands can be legitimate or malicious, depending on the context.

Even collecting the contextual data necessary for threat detection and monitoring is a logistical and technical nightmare. Typical power systems are made up of equipment from many manufacturers, installed and modernized over decades. Only the most modern layers were built with cybersecurity as a design constraint, and almost none of the machine languages in use were designed with it in mind.

For most companies, the current state of cybersecurity maturity leaves much to be desired. Near-omniscient views of IT systems sit alongside large OT blind spots. Data lakes are filled with carefully collected readings that cannot be combined into a consistent and complete picture of operational status. Analysts burn out under alert fatigue as they try to manually sift benign alerts from consequential events. Many companies cannot even produce a complete list of all the digital assets legitimately connected to their networks.

In other words, the current energy revolution is an efficiency dream and a security nightmare.

Securing the energy revolution requires new solutions equally capable of identifying and acting against threats from both the physical and digital world. Security operations centers will need to bring together IT and OT information flows, creating a unified threat flow. Given the scale of data flows, automation will need to play a role in applying operational knowledge to alert generation: is this command consistent with normal business or does the context show it to be suspicious? Analysts will need broad and deep access to contextual information. And defenses will need to grow and adapt as threats evolve and companies add or retire assets.

This month, Siemens Energy introduced a monitoring and detection platform aimed at solving key technical and capacity challenges for CISOs tasked with defending critical infrastructure. Siemens Energy engineers have done the groundwork needed to automate a unified threat flow, enabling their offering, Eos.ii, to serve as a fusion SOC that brings the power of artificial intelligence to the challenge of monitoring energy infrastructure.

AI-based solutions respond to the dual need for adaptability and persistent vigilance. Machine learning algorithms that track large volumes of operational data can learn the expected relationships between variables, recognize patterns invisible to human eyes, and highlight anomalies for human investigation. Because machine learning can be trained on real-world data, it can learn the unique characteristics of each production site and can be iteratively trained to distinguish benign from consequential anomalies. Analysts can then tune alerts to watch for specific threats or to ignore known sources of noise.

Extending monitoring and detection into the OT space makes it harder for attackers to hide, even when deploying one-time zero-day attacks. In addition to examining traditional signals such as signature-based detection or spikes in network traffic, analysts can now look at the effects new inputs have on real-world machinery. Cleverly disguised malware would still raise red flags by creating operational anomalies. In practice, analysts using the AI-based system have found the Eos.ii detection engine sensitive enough to predictively identify maintenance needs, for example when a bearing starts to wear out and the relationship between the steam entering the turbine and the steam leaving it begins to drift.

Done correctly, monitoring and detection spanning both IT and OT should leave intruders exposed. Analysts investigating alerts can track user histories to determine the source of anomalies and then move on to see what else was changed in a similar time period or by the same user. For energy companies, greater accuracy translates into dramatically reduced risk: if they can determine the scope of an intrusion and identify which specific systems were compromised, they gain options for surgical responses that fix the problem with minimal collateral damage, for example shutting down a single branch and two pump stations instead of an entire pipeline.
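As an added illustration of the context-aware OT detection the article describes (this is example code written for this page, not code from the article or from Siemens Energy's Eos.ii), the toy below judges the same steam-admission command differently depending on turbine temperature, learns the expected steam-in/steam-out relationship from a known-good history, and lists a user's commands for scoping a response. All telemetry values, thresholds, command names and user names are constructed assumptions.

```python
"""Toy context-aware OT detector (added example, not Siemens Energy code).
Two ideas from the article: the same command is legitimate or malicious depending
on asset state, and a learned relationship between variables exposes anomalies."""

from statistics import mean, pstdev

COLD_START_C = 150.0  # assumed: admitting steam below this inlet temperature risks damage
RATIO_SIGMA = 3.0     # flag when the out/in ratio departs more than 3 sigma from baseline
SIGMA_FLOOR = 1e-3    # avoid a zero sigma when the baseline history is perfectly flat

# Record fields: (t, turbine_temp_c, steam_in_tph, steam_out_tph, user, command)
BASELINE = [  # constructed known-good operating history
    (0, 480.0, 100.0, 98.0, "op-a", None),
    (1, 482.0, 120.0, 117.6, "op-a", None),
    (2, 478.0, 110.0, 108.0, "op-b", None),
    (3, 481.0, 90.0, 88.0, "op-b", None),
    (4, 479.0, 105.0, 103.0, "op-a", None),
]
LIVE = [  # constructed live feed: one cold-start command and one drifting ratio
    (10, 480.0, 100.0, 98.0, "op-a", None),
    (11, 480.0, 100.0, 98.0, "op-a", "ADMIT_STEAM"),  # hot turbine: legitimate
    (12, 95.0, 0.0, 0.0, "op-b", "ADMIT_STEAM"),      # cold turbine: suspicious
    (13, 470.0, 200.0, 196.0, "op-a", None),
    (14, 475.0, 100.0, 93.0, "op-a", None),            # ratio drift, e.g. bearing wear
]

def learn_baseline(rows):
    """Learn the expected steam_out/steam_in ratio (mean, sigma) from known-good rows."""
    ratios = [o / i for _, _, i, o, _, _ in rows if i > 0]
    return mean(ratios), max(pstdev(ratios), SIGMA_FLOOR)

def command_is_suspicious(temp_c, command):
    """Context check: an identical command gets a different verdict by turbine state."""
    return command == "ADMIT_STEAM" and temp_c < COLD_START_C

def analyze(rows, mu, sigma):
    """Return (t, user, reason) alerts from context checks and ratio anomalies."""
    alerts = []
    for t, temp, i, o, user, cmd in rows:
        if cmd and command_is_suspicious(temp, cmd):
            alerts.append((t, user, f"context: {cmd} while turbine cold ({temp:.0f}C)"))
        if i > 0 and abs(o / i - mu) > RATIO_SIGMA * sigma:
            alerts.append((t, user, f"anomaly: out/in ratio {o / i:.3f} vs baseline {mu:.3f}"))
    return alerts

def user_activity(rows, user):
    """Investigation aid: every command a given user issued, for scoping a response."""
    return [(t, cmd) for t, _, _, _, u, cmd in rows if u == user and cmd]
```

Running `analyze(LIVE, *learn_baseline(BASELINE))` yields two alerts: the cold-start command at t=12 and the ratio drift at t=14, while the hot-turbine command at t=11 passes.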

As power systems continue their trend toward hyperconnectivity and ubiquitous digital controls, one thing is clear: a given company’s ability to provide reliable service will increasingly depend on its ability to create and maintain robust and accurate cyber defenses. AI-based monitoring and detection offers a promising start.

For more information on Siemens Energy’s new AI-based detection and monitoring platform, see their recent white paper on Eos.ii.

Learn more about cybersecurity from Siemens Energy at Siemens Energy Cybersecurity.

This content was produced by Siemens Energy. It was not written by the editorial staff of MIT Technology Review.
