Securing the energy revolution and the future of IoT
In early 2021, Americans living on the East Coast learned a sharp lesson in the growing importance of cybersecurity in the energy industry. A ransomware attack hit the company that operates the Colonial Pipeline, the main infrastructure artery that carries nearly half of all liquid fuel from the Gulf Coast to the eastern United States. Knowing that some of its computer systems were compromised, and unsure of the extent of the problem, the company was forced to resort to a blunt solution: shut down the entire pipeline.
The disruption of fuel transport had many consequences. The price of gasoline rose immediately. The President of the United States got involved, trying to assure panicked consumers and businesses that fuel would soon be available. Five days and untold millions in economic damage later, the company paid a $4.4 million ransom and restored its operations.
It is a mistake to see this event as the story of one pipeline. Across the energy sector, more and more of the physical equipment that produces and delivers fuel and electricity, nationwide and around the world, relies on digitally controlled, networked components. Systems designed and engineered for analog operation have been retrofitted. The new wave of low-emissions technologies, from solar to wind to combined-cycle turbines, is inherently digital, using automated controls to squeeze every bit of efficiency from its energy source.
Meanwhile, the covid-19 crisis has accelerated a separate trend toward remote operation and ever more sophisticated automation. Many workers have moved from reading dials in a plant to reading screens from their couch. Powerful tools that change how power is generated and routed can now be operated by anyone who knows how to log in.
These changes are good news: the world gets more energy, fewer emissions, and lower prices. But they also point to the kinds of vulnerabilities that brought the Colonial Pipeline to an abrupt halt. The same tools that empower energy sector workers become dangerous if hijacked by attackers. For example, hard-to-replace equipment could be ordered to shake itself to pieces, taking part of a national grid out of commission for months.
For many nation states, the ability to push a button and sow economic chaos in a rival country is highly desirable. And as more energy infrastructure becomes hyperconnected and digitally managed, more targets are on offer at exactly that moment. Not surprisingly, then, a growing share of the cyberattacks seen in the energy sector has shifted from targeting information technology (IT) to targeting operational technology (OT): the equipment that directly controls the operation of the physical plant.
To meet the challenge, chief information security officers (CISOs) and their security operations centers (SOCs) need to update their procedures. Defending operational technology calls for different strategies, and a different knowledge base, than defending information technology. For starters, defenders need to understand the operating conditions and tolerances of their assets: an order to push steam through a turbine that is safe when the turbine is hot can break it when the turbine is cold. The same order can be legitimate or harmful, depending on context.
Even collecting the contextual data needed for threat monitoring and detection is a logistical and technical nightmare. Typical energy systems are composed of equipment from many manufacturers, installed and deployed over many decades. Only the most modern layers were built with cybersecurity as a design consideration, and almost none of the machine languages in use were ever intended to be compatible with one another.
For most companies, the current state of cybersecurity maturity leaves much to be desired. Near-complete visibility into IT systems is paired with multiple OT blind spots. Data lakes sit alongside carefully collected outputs that cannot be combined into a coherent, comprehensive picture of operating conditions. Analysts burn out under alert fatigue while trying to manually separate noise from consequential events. Many companies cannot even produce a comprehensive list of all the digital assets legitimately connected to their networks.
In short, the ongoing energy revolution is a dream for efficiency, and a nightmare for security.
Securing the energy revolution calls for new solutions capable of recognizing and acting on threats from both the physical and digital worlds. Security operations centers need to integrate IT and OT information flows into a unified threat stream. Given the scale of the data flows, automation must play a role in applying operational knowledge to alert generation: is this command consistent with business as usual, or does the context suggest it is questionable? Analysts need broad, deep access to contextual information. And defenses need to grow and adapt as threats evolve and businesses add or retire assets.
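The context check described above (the same steam-admission command judged against the turbine's current state and the operator's IT session), as an added example that is not Siemens Energy's or Eos.ii's code; the asset names, the 250 C threshold and the event format are constructed for the illustration:

```python
# Added example (not Siemens Energy's Eos.ii code): context-aware triage over a
# unified IT/OT event stream. Asset names, threshold and event format are constructed.
from dataclasses import dataclass, field

# Hypothetical operating envelope: admitting steam to a cold turbine can damage it,
# while the identical command on a hot turbine is routine.
MIN_ADMIT_TEMP_C = 250.0

@dataclass
class Context:
    temps: dict = field(default_factory=dict)   # asset -> last reported metal temperature
    sessions: set = field(default_factory=set)  # users with an active IT login

def triage(event, ctx):
    """Return (verdict, reason) for one event and update the shared context.
    IT logins and OT telemetry only feed the context; OT commands are judged
    against it, so the same command can receive different verdicts."""
    kind = event["type"]
    if kind == "login":
        ctx.sessions.add(event["user"])
        return ("ok", "session opened")
    if kind == "telemetry":
        ctx.temps[event["asset"]] = event["temp_c"]
        return ("ok", "asset state updated")
    if kind == "command":
        user, asset, action = event["user"], event["asset"], event["action"]
        if user not in ctx.sessions:  # OT command with no matching IT context
            return ("alert", f"{action} on {asset} by {user} without an active session")
        if action == "admit_steam":
            temp = ctx.temps.get(asset)
            if temp is None:  # cannot judge the command without asset state
                return ("review", f"admit_steam on {asset}: no recent telemetry")
            if temp < MIN_ADMIT_TEMP_C:
                return ("alert", f"admit_steam on {asset} at {temp:.0f} C: turbine is cold")
        return ("ok", f"{action} on {asset} within operating envelope")
    return ("review", f"unknown event type {kind!r}")

def triage_stream(events):
    ctx = Context()  # one shared context for the whole stream
    return [triage(e, ctx)[0] for e in events]

# Constructed sample stream: one operator login, two readings, four identical commands.
SAMPLE_STREAM = [
    {"type": "login", "user": "op1"},
    {"type": "telemetry", "asset": "ST-1", "temp_c": 410.0},
    {"type": "telemetry", "asset": "ST-2", "temp_c": 35.0},
    {"type": "command", "user": "op1", "asset": "ST-1", "action": "admit_steam"},
    {"type": "command", "user": "op1", "asset": "ST-2", "action": "admit_steam"},
    {"type": "command", "user": "op1", "asset": "ST-3", "action": "admit_steam"},
    {"type": "command", "user": "ghost", "asset": "ST-1", "action": "admit_steam"},
]
```

Running `triage_stream(SAMPLE_STREAM)` yields ok, alert, review and alert for the four commands: one command text, four verdicts, decided entirely by asset state and session context.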
This month, Siemens Energy unveiled a monitoring and detection platform aimed at addressing the core technical and capability challenges facing CISOs tasked with protecting critical infrastructure. Siemens Energy engineers did the groundwork needed to automate a combined threat stream, allowing their Eos.ii offering to serve as a fusion SOC that brings artificial intelligence to bear on the challenge of monitoring energy infrastructure.
AI-based solutions address both the need for adaptability and the need for continuous monitoring. Machine learning algorithms trained on large amounts of operational data can learn the expected relationships between variables, identify patterns invisible to the human eye, and highlight anomalies for human investigation. Because machine learning can be trained on real-world data, it can capture the particular characteristics of each production site, and it can be retrained to distinguish benign anomalies from consequential ones. Analysts can then tune alerts to monitor for specific threats or to ignore known sources of noise.
Extending monitoring and vigilance into the OT space makes it much harder for attackers to hide, even when rare zero-day attacks are deployed. In addition to examining traditional signals such as signature-based detection or network traffic spikes, analysts can now monitor the effects on real-world equipment through new input streams. Even cleverly hidden malware will still raise red flags by creating operational anomalies. In practice, analysts using AI-based systems have found that their Eos.ii detection engine is sensitive enough to flag maintenance needs as well, for example when a component begins to wear and the steam and emissions ratios start to drift.
Done right, monitoring and detection spanning both IT and OT should put intruders at a disadvantage. Analysts investigating alerts can trace user histories to determine the source of an anomaly, and then scroll through to see what else changed in the same timeframe or under the same user. For energy companies, the gain in accuracy translates into a significant reduction in risk: if they know the extent of an intrusion and which specific systems are compromised, they gain options for surgical responses that fix the problem with minimal collateral damage, say, shutting down a single branch and two pumping stations instead of an entire pipeline.
As energy systems continue their trend toward hyperconnectivity and pervasive digital control, one thing is clear: a company's ability to provide reliable service will depend increasingly on its ability to build and maintain strong, accurate cyber defenses. AI-based monitoring and detection offers a good start.
To learn about Siemens Energy's new monitoring and analysis platform, read their recent white paper on Eos.ii.
Learn more about Siemens Energy cybersecurity at Siemens Energy Cybersecurity.
This content was produced by Siemens Energy. It was not written by the editorial staff of the MIT Technology Review.