Use cases

Cybersecurity challenges and solutions in the power sector

Nozomi Networks’ sensors help protect utilities like GE Power from cyber threats

Nozomi Networks is a specialist cybersecurity vendor that focuses on developing physical and virtual sensors as well as software as a service (SaaS) products to install into manufacturing facilities to provide network visibility, threat detection, and insight. The company focuses on monitoring and detection for Industrial Control Systems (ICS), Operational Technology (OT), and IoT devices. As such, the company works with nine sectors, including electric utilities.

GE Power is a subsidiary of General Electric, which provides gas, steam, and nuclear power, as well as power conversion. GE’s technology produces approximately 33% of global electricity and equips 90% of global power transmission utilities. It is a major player in the power sector and thus must ensure that it is not vulnerable to cyberattacks.

In 2018, GE Power decided to partner with Nozomi Networks, giving the former access to real-time ICS visibility, network monitoring, and other cybersecurity solutions. Nozomi Networks’ real-time visibility into the GE industrial control system will allow attacks on the system to be seen sooner, allowing more time for mitigation and response. According to Nozomi Networks, the agreement gives GE central or remote security for large distributed industrial networks as well as automated tracking of industrial assets and their cyber risks. GE Power has not had a cyberattack via its OT equipment since partnering with Nozomi Networks.

A study by Skybox Security found that 83% of utilities and critical infrastructure companies had one or more cybersecurity breaches between 2018 and 2021. One compounding area of concern is OT equipment. In fact, Colonial Pipeline Company stated that it disconnected its OT systems from DarkSide, preventing further breaches. Skybox Security reported that 20,175 OT vulnerabilities were found in 2021, up from 18,341 in 2020, and that this increase is partially because OT systems are hard or impossible to scan for flaws.

In an exclusive interview with GlobalData, Nozomi Networks noted that OT is often overlooked by CISOs and that OT manufacturers are increasingly producing internet-enabled equipment. These smarter devices allow for faster maintenance, but unfortunately, often leave companies vulnerable to cyber-attacks. 

Siemens has created its own AI-based cybersecurity monitoring and detection tool

Siemens Energy Gamesa is a renewable energy company that delivers clean energy to 87 million homes each year. The company, like many other renewable energy and power companies, is under the increased threat of cyberattacks, especially as the sector rapidly digitalises. As mentioned in the above case study, cyberattacks are now not limited to IT systems but also impact the increasingly internet-enabled OT devices.

As a result, Siemens Energy has developed a new AI-based monitoring and detection platform, called Eos.ii, which will help protect its operations, specifically IoT devices, from cyber-attacks. Eos.ii can sift through cyber threats and rank them in order of their consequential damage, and can also inform security operations centre (SOC) analysts of a threat as soon as the attack begins, which helps speed up any potential mitigation process.

The Eos.ii engine also has a unique feature: it allows SOC analysts to hunt for any subtle signs that a cyber intrusion is underway. Furthermore, the IoT device also reduces the need for staff and the need for worker-to-worker communications, which can delay decision-making at the start of an attack. For example, SOC analysts no longer need to speak to other OT workers or even log into several systems to check assets; they can use this device to zoom in and out of assets across the business, allowing them to check their operating status.

Siemens Energy claims that this is the ‘first AI-based monitoring and detection platform to serve at the foundation of an IoT fusion SOC’ for the energy sector. In layman’s terms, Eos.ii allows Siemens to monitor both its physical and digital assets, as OT and IT data is monitored on one platform.

This follows the trend in the sector of energy companies realising that their OT cybersecurity is just as important as IT security, with the former having previously been neglected from a cybersecurity point of view.

Although issues of cybersecurity are often a private matter for companies, Siemens has alluded to one example of the Eos.ii platform saving the company a lot of money. An SOC analyst detected an issue with the firewall hardware at one of Siemens’ power plants, where the firewall hardware was 15 degrees above the temperature it should be, which meant that the control system of the power plant would likely crash if the hardware overheated.

If this hardware overheated, shutting down the control system during a period of power production, Siemens would not be eligible for any form of payout. The SOC analysts in charge of the Eos.ii platform realised that this was not a cyberattack and could perform maintenance while strengthening the cyber-resilience of the technology.

Claroty’s tailored cybersecurity solutions thwart cyberattacks

Claroty is a leader in industrial control systems (ICS) security solutions and works with several clients in the energy sector including Siemens, Schneider Electric, Mitsui & Co., and others. They recognise that assets in industrial environments are vulnerable to cyber threats that are hard to detect and have created a cybersecurity platform, called The Claroty Platform, which seeks to resolve these issues.

One of the key foundations of The Claroty Platform is the Continuous Threat Detection (CTD) control system. Their product won the ‘Best IoT/IIoT Security Solution’ at the SC Europe Awards in 2021. In industrial sectors such as the energy sector, assets often utilise proprietary protocols created by companies in that sector. Essentially, little is known about how these assets operate outside of these companies.

Claroty’s CTD has the largest library of proprietary protocols and scanning methods, which give the system 100% visibility into the connections and processes of OT, IoT, and IIoT assets for energy companies. CTD has an enterprise management console that ensures that corporate executives can customise how they report on their assets, which are often highly specific to the company.

Claroty claims that these make the total cost of ownership (the cost of an asset and its cost of operation) lower for users. Claroty says that the automation of cybersecurity controls allows for time to focus on more pressing cyber concerns. Furthermore, the platform provides cyber alerts that suggest actions, a low level of false positives, and remote access, allowing users to use the platform from anywhere. These features reduce the mean time to response (MTTR), which is the average time taken to resolve a system or asset failure.

Claroty also offers another cybersecurity solution called Claroty Edge, an edge data collector that gives energy companies ‘100% visibility in less than ten minutes’ into their inventory of OT, IoT, and IT assets without any network changes or hardware deployments. This solution is ideal for companies in the energy sector for two core reasons. First, the assets of energy companies are generally geographically dispersed and often in hard-to-reach areas, which makes the installation of hardware difficult, costly, and time-consuming. Secondly, OT assets and industrial networks often cannot use IT scanning and solutions.

GlobalData, the leading provider of industry intelligence, provided the underlying data, research, and analysis used to produce this article.
