July 24, 2017 | Richard Jones
New Ways to Deal with Cyber Threats
The seemingly endless headlines detailing the latest cyber-attacks are putting pressure on utility executives to act now. On the line – threats to consumer and shareholder confidence from prolonged service disruptions as well as poor financial performance from costly repairs to operations and reputation resulting from a cyber-attack.
Deepening the malaise, the analysis of the second cyber-attack (dubbed Industroyer or CrashOverride) on the Ukraine Power System, confirms a shift to open market development of malware that will dramatically increase the variety and volume of cyberattacks. According to the Dragos MIMICS project, there are now a dozen active malware agents targeted at industrial control systems.
NERC CIP Regulations have perhaps yielded short-term success in keeping utilities safe from a major attack. However, most requirements have primarily driven compliance-orientated activities for the Bulk Electric System and will not keep pace with this new diversity of threats. New actors, exploiting new weaknesses, will require the creation of holistic security programs, not point solutions.