By Simon Perry, Carbon Black security specialist
A recent report by the Australian Energy Market Commission (AEMC) recommended that Australia’s power grid operators should be given more flexibility to deal with unpredictable events including cyber attacks and extreme weather. This is on the back of the recommendations of the Finkel Report, and the resulting adoption of the Australian Energy Sector Cyber Security Framework (AESCSF).
Increasingly, the threat of cyber attacks, long an issue to sectors that are fundamental to the economy such as financial services, has become an additional headache that the National Energy Market (NEM) suppliers, operators, and regulators must deal with.
According to Gartner, organisations need to rebalance their security investments from predominantly threat prevention to threat detection. This requires an investment in next generation security operations centres (SOCs) as the complexity and frequency of security alerts grow. Gartner estimates that by 2022, 50 per cent of all SOCs will transform into modern SOCs with integrated incident response, threat intelligence and threat-hunting capabilities, up from less than 10 per cent in 2015.
Moreover, the AESCSF requires NEM connected organisations to uplift their cyber security controls to ensure that their infrastructure is able to withstand a cyber attack.
Related article: Why power generation plants need to be cyber-savvy
Changing security tactics
For Australia’s NEM, which facilitates the exchange of electricity between generators and retailers, an increasing percentage of variable renewable energy and distributed energy resources is replacing relatively few, large (fossil fuel) power stations.
In this far more decentralised model the need for IT- and OT-based control systems to finely balance the grid becomes even more acute, leading to an ever-increasing risk of cyber disruption. A hacker could cause disruption to the grid, which could have disastrous consequences to Australia’s economy and the Australian public.
Related article: The asset management gaps in utilities creating cybersecurity risks
Security tips to consider
Here are some tips to consider to protect an energy operator from cyber attacks:
1. Improve the cyber resilience of your operating environment by moving from a legacy antivirus approach (which looks for ‘known bad’) to an application control approach whereby only ‘known good’ is allowed to run, and everything else is denied by default, and
2. Improve the cyber strength of your environment by providing the means to rapidly detect, respond and isolate the most sophisticated attacks, including those conducted by Nation States and advanced cyber criminal groups.
Marrying this ‘detection and response’ capability with a mindset that recognises the absolutely mission critical nature of the energy grid – looking for threats and shutting them down before they cause outages is key if the energy sector is to protect itself and the supply of electricity to its customers.
To ensure the uninterrupted supply of power to Australian consumers and businesses, it is more important than ever that the IT/OT systems of Australia’s energy operators are resilient against current and future cyber risks. With the clock ticking on the second phase of the three-year AESCSF, NEM operators are under increasing pressure to ensure the security of their infrastructure withstands potential cyber attacks.