Climate change is one of the most significant long-term challenges for the power industry. Will the industry be able to make a transition to low carbon? How can efficiency be improved to reduce or eliminate damage? Those are important questions, but they aren’t the only challenge. In fact, there’s a threat facing the power industry today that needs to be managed right away.
Why Has the U.S. Government Spent $50 Million to Combat This Threat?
Cybersecurity threats vary widely in size and complexity. For the power industry, a slight disruption could have terrible consequences; imagine street lights losing power at night or a hospital losing power. Lives could be lost, and painful questions would be put to executives in the power industry. Did you take every step available to protect your power facilities from hacking?
Fortunately, you have some support from the government. To protect the power industry from cybersecurity threats, the U.S. Department of Energy announced a $50 million investment in improving IT security for the energy sector in 2017. Government efforts and international cooperation will reduce some of the worst cyber threats facing utilities and power industry players.
While the DOE is helping, it cannot provide a full solution. At the same time, managers and technical experts in the power industry need to do their work to improve security. Before going further, look at a brief example of what can happen when there’s poor cybersecurity.
The 2015 Ukraine Incident
In 2015, Ukraine’s power grid suffered a major failure due to a cybersecurity attack. According to WIRED:
“[The attackers] … struck two other power distribution centers at the same time … leaving more than 230,000 residents in the dark. And, as if that weren’t enough, they also disabled backup power supplies to two of the three distribution centers, leaving operators themselves stumbling in the dark.”
In the short term, responding to this threat put a strain on the power industry and the country’s leadership. Some of the contributing factors, such as a lack of multi-factor authentication in the power industry, are easy to address. The scale and success of the attack and the fact that operators were prevented from fully responding are alarming.
Broad Assaults Against the U.S. Power Grid In 2018
This cybersecurity challenge isn’t limited to eastern Europe. In March 2018, Bloomberg reported that, “Russian hackers are conducting a broad assault on the U.S. electric grid, water processing plants, air transportation facilities, and other targets in rolling attacks on some of the country’s most sensitive infrastructure.” These attacks are often carried out in stages, and they include attacks on vendors and smaller companies. If your facility has not been attacked yet, that’ll come soon.
What Can the Power Industry Do?
The scale and complexity of the cybersecurity threat facing the power industry are formidable. Combating this challenge will require a comprehensive approach. To focus your efforts appropriately, you need to find out where your greatest opportunities for improvement lie.
Carry Out a Thorough Self-assessment
As part of your annual planning process for cybersecurity, evaluate the following areas. For the best results, take the time to carry out meetings and seek input from third-party expert consultants. Work through each self-assessment question.
- Cybersecurity strategy: Has your cybersecurity strategy been updated to take account of new risks and threats such as foreign hacking and exposures from vendors?
- Cybersecurity resources: There’s no silver bullet for setting a budget. As a starting point, ask yourself whether you were able to complete 90% or more of your planned security work. If you cannot achieve the majority of your plan, you likely have significant security exposures.
- Cybersecurity talent: Are you able to recruit and retain cybersecurity talent? Salaries for top professionals exceed $100,000, especially if you’re seeking experienced staff with management experience. In the short term, you can access expertise by hiring consultants, but that approach may prove more expensive than developing your talent.
- System complexity and age: In the power industry, most organizations face the challenge of managing numerous older systems. Keeping these systems secure is difficult because you need to maintain security subject matter expertise. Remember to include the impact of vendor-managed systems in your assessment.
- Cybersecurity tools: The tools at your disposal are an important variable in your cybersecurity program. If your team is forced to rely upon manual monitoring and testing, you’ll miss threats repeatedly. Ideally, you’ll use software solutions for identity management, password management, and the rest of your security program.
- Cybersecurity training program: In the power industry, safety training is typically a major priority. Your organization also needs to implement robust training on security. Rather than providing simple self-study material, we recommend quizzes and tests so employees can check their knowledge.
Based on this self-assessment, you may be alarmed by how many gaps you need to fill. How do you determine where to get started? Simple: start with improving your systems because system improvements deliver an enterprise-wide benefit. Specifically, you should target your efforts on password management because that’s a weak point for many employees.
Improve Password Management Systematically
There are two main ways to improve password security in the power industry. First, you can raise awareness and provide password training for employees. This is a helpful first step. If employees don’t know how to manage passwords, they’re more likely to choose easy-to-hack passwords.
To be clear: training employees isn’t going to be enough to ensure your power generation facility stays secure. Managers and cybersecurity staff need a comprehensive solution to manage passwords. Employees also need a secure self-serve system to manage their passwords. Here’s the good news: you can achieve both improvements by using Password Station.
Designed with employee convenience in mind, Password Station is a comprehensive password management tool. To reduce the risk of hacking, Password Station supports biometrics. What if employees are locked out of their work computer? We’ve thought of that. They simply need to use the phone PIN reset. It’s a simple and secure way to reset passwords with one phone call. Best of all, Password Station is compatible with Mac and Windows credentials.