Securing the energy revolution and the future of IoT
In early 2021, Americans living on the East Coast were given a clear lesson about the growing importance of cybersecurity in the energy sector. A ransomware attack hit the company that operates the Colonial Pipeline, the main infrastructure artery that transports nearly half of all liquid fuels from the Gulf Coast to the eastern United States. Knowing that at least some of its IT systems had been compromised, and unable to be certain of the extent of the problem, the company was forced to resort to a brute-force solution: shutting down the entire pipeline.
The interruption of fuel delivery had enormous consequences. Fuel prices immediately skyrocketed. The President of the United States got involved, trying to reassure panicked consumers and businesses that fuel would be available soon. Five days and millions of dollars in economic damage later, the company paid a ransom of $4.4 million and resumed operations.
It would be a mistake to view this incident as the story of a single pipeline. Across the energy sector, more and more of the physical equipment that makes and transports fuel and electricity, across the country and around the world, relies on digitally controlled, networked equipment. Systems designed and manufactured for analog operation have been modernized. The new wave of low-emission technologies, from solar and wind to combined-cycle turbines, are inherently digital, using automated controls to squeeze every bit of efficiency out of their respective energy sources.
Meanwhile, the COVID-19 crisis has accelerated a distinct trend toward remote operation and increasingly sophisticated automation. Large numbers of workers have gone from reading dials in a plant to reading screens from their sofas. Powerful tools for changing how power is produced and delivered can now be operated by anyone who knows how to connect.
These changes are great news: the world is getting more energy, fewer emissions and lower prices. But they also highlight the kinds of vulnerabilities that abruptly interrupted the Colonial Pipeline. The same tools that make legitimate energy workers more powerful become dangerous when hijacked by attackers. For example, hard-to-replace equipment may receive commands to shake itself apart, putting pieces of a nationwide grid out of service for months at a time.
For many nation states, the ability to push a button and wreak havoc on the economy of a rival is highly desirable. And the more energy infrastructure becomes hyperconnected and digitally managed, the more targets there are that offer exactly that opportunity. It should come as no surprise, then, that a growing proportion of cyberattacks observed in the energy sector have shifted from targeting information technology (IT) to targeting operational technology (OT), the equipment that directly controls the physical operations of plants.
To keep up with the challenge, Chief Information Security Officers (CISOs) and their Security Operations Centers (SOCs) will need to update their approaches. The defense of operational technology calls for different strategies – and a distinct knowledge base – than the defense of information technology. To begin with, defenders need to understand the operating conditions and tolerances of their assets – a command to push steam through a turbine works well when the turbine is hot, but can break it when the turbine is cold. Identical commands can be legitimate or malicious, depending on the context.
Even collecting the contextual data needed to monitor for and detect threats is a logistical and technical nightmare. Typical energy systems are composed of equipment from several manufacturers, installed and modernized over decades. Only the most modern layers were built with cybersecurity as a design constraint, and almost none of the machine languages in use were ever designed to be compatible with one another.
For most companies, the current state of cybersecurity maturity leaves a lot to be desired. Near-omniscient visibility into IT systems sits alongside large OT blind spots. Data lakes are swelling with carefully collected data that cannot be combined into a cohesive, comprehensive picture of operational status. Analysts wear themselves out with alert fatigue, trying to manually separate benign alerts from consequential events. Many companies cannot even produce a complete list of all the digital assets legitimately connected to their networks.
In other words, the ongoing energy revolution is a dream for efficiency and a nightmare for security.
Securing the energy revolution calls for new solutions that are equally capable of identifying and acting on threats from the physical and digital worlds. Security operations centers will need to bring IT and OT information flows together into a unified threat feed. Given the scale of the data flows, automation will need to play a role in applying operational knowledge to alert generation: is this command consistent with the current operating state, or does the context show that it is suspicious? Analysts will need broad and in-depth access to contextual information. And defenses will need to grow and adapt as threats evolve and companies add or remove assets.
This month, Siemens Energy unveiled a monitoring and detection platform aimed at solving key technical and capability challenges for CISOs tasked with defending critical infrastructure. Siemens Energy engineers have taken the steps needed to automate a unified threat feed, enabling their offering, Eos.ii, to serve as a fusion SOC that applies the power of artificial intelligence to the challenge of monitoring energy infrastructure.
AI-based solutions meet the dual need for adaptability and persistent vigilance. Machine learning algorithms that analyze huge volumes of operational data can learn expected relationships between variables, recognize patterns invisible to the human eye, and highlight anomalies for human investigation. Because machine learning can be trained on real-world data, it can learn the unique characteristics of each production site and can be iteratively trained to distinguish between benign and significant anomalies. Analysts can then adjust alerts to monitor specific threats or ignore known sources of noise.
Extending monitoring and detection into the OT space makes it harder for attackers to hide, even when novel, zero-day attacks are deployed. In addition to examining traditional signals such as signature-based detections or spikes in network traffic, analysts can now observe the effects of new inputs on real-world equipment. Cleverly disguised malware would still set off red flags by creating operational anomalies. In practice, analysts using AI-based systems have found that the Eos.ii detection engine is sensitive enough to predictively identify maintenance needs, for example when a bearing begins to wear out and the ratio of incoming steam to power output begins to drift.
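As an added illustration (not code from this article, from Siemens Energy or from Eos.ii), the following Python sketch puts the two ideas above side by side: a command is judged against the asset's operating state (the hot-versus-cold turbine case), and the steam-to-power ratio is watched for drift against a healthy baseline. The 350 °C warm-casing threshold, the telemetry samples and the user id are constructed assumptions, not values from the page.

```python
"""Context-aware OT alerting: constructed example, not Siemens Energy or Eos.ii code."""
from dataclasses import dataclass
from statistics import mean, pstdev

WARM_CASING_C = 350.0  # assumed (hypothetical) threshold below which a turbine counts as cold


@dataclass
class TurbineSample:
    casing_temp_c: float  # turbine metal temperature
    steam_flow_th: float  # inlet steam, tonnes per hour
    power_mw: float       # generator output


def classify_command(cmd: dict, state: TurbineSample) -> str:
    """Same command, different verdict: full steam admission is routine on a hot
    turbine but risks thermal shock on a cold one, so the context decides."""
    if cmd["action"] != "open_steam_valve":
        return "unknown"
    if cmd["setpoint_pct"] > 20 and state.casing_temp_c < WARM_CASING_C:
        return "suspect"
    return "ok"


def ratio_drift(history: list, baseline_n: int = 10, z: float = 3.0) -> list:
    """Indices of samples whose steam/power ratio leaves a z-sigma band around the
    first baseline_n samples (a wearing bearing needs more steam per MW)."""
    ratios = [s.steam_flow_th / s.power_mw for s in history]
    base = ratios[:baseline_n]
    mu, sd = mean(base), pstdev(base)
    band = max(z * sd, 1e-9)  # guard against a perfectly flat baseline
    return [i for i, r in enumerate(ratios) if i >= baseline_n and abs(r - mu) > band]


# Constructed telemetry: ten healthy samples, then a gradual ratio drift.
HISTORY = [TurbineSample(520.0, f, 100.0) for f in
           (300.0, 301.0, 299.0, 300.0, 302.0, 298.0, 300.0, 301.0, 299.0, 300.0)]
HISTORY += [TurbineSample(520.0, f, 100.0) for f in (306.0, 312.0, 318.0, 324.0, 330.0)]
COLD = TurbineSample(casing_temp_c=80.0, steam_flow_th=0.0, power_mw=0.0)
HOT = HISTORY[-1]
CMD = {"user": "op-17", "action": "open_steam_valve", "setpoint_pct": 80}  # constructed


def unified_alerts() -> list:
    """One alert stream for commands and telemetry, each tagged with the user or
    asset an analyst would pivot on next."""
    alerts = []
    if classify_command(CMD, COLD) == "suspect":
        alerts.append(("command", CMD["user"], "full steam ordered on a cold turbine"))
    drift = ratio_drift(HISTORY)
    if drift:
        alerts.append(("telemetry", "turbine-1", f"steam/power ratio drift from sample {drift[0]}"))
    return alerts
```

The same `open_steam_valve` command yields "ok" against `HOT` and "suspect" against `COLD`, which is the point of the hot-versus-cold turbine example in the text.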
Done well, monitoring and detection that extends across both IT and OT should leave intruders exposed. Analysts investigating alerts can retrace user history to determine the source of the anomalies, then move forward to see what else was changed in the same time window or by the same user. For energy companies, increased accuracy translates into dramatically reduced risk – if they can determine the extent of an intrusion and identify the specific systems that have been compromised, they gain surgical response options that solve the problem with minimal collateral damage, for example closing a single branch and two pumping stations instead of an entire pipeline.
As energy systems continue their trend toward hyperconnectivity and ubiquitous digital controls, one thing is clear: a given company's ability to provide reliable service will increasingly depend on its ability to build and maintain robust, precise cyber defenses. AI-based monitoring and detection offers a promising start.
To learn more about Siemens Energy's new AI-powered monitoring and detection platform, see their recent white paper on Eos.ii.
Learn more about Siemens Energy cybersecurity at Siemens Energy cybersecurity.
This content was produced by Siemens Energy. It was not written by the editorial staff of the MIT Technology Review.