Use cases

How energy companies are tackling cybersecurity challenges

Credit: Bert van Dijk/Getty images.


Nozomi Networks’ sensors improve the security of Enel’s grid management functions

Nozomi Networks is a specialist cybersecurity vendor that focuses on developing physical and virtual sensors as well as software as a service (SaaS) products to install in manufacturing facilities. The sensors provide network visibility, threat detection, and insight. The company focuses on monitoring and detection for Industrial Control Systems (ICS), operational technology (OT), and IoT devices. As such, the company works with nine sectors, including electric utilities. 

Enel is an Italian power company that operates globally in 30 countries across four continents. It plays a key role in managing and monitoring the Italian power grid, which supplies energy to 31 million customers and is operated by the Italian Transmission System Operator (TSO).  

Enel is charged with ensuring the availability of the OT, IoT, and industrial networks that support the grid, as well as managing Regional Control Centers and Interconnection Centers that connect with the TSO, which manages energy flow to the grid. Maintaining this critical national infrastructure naturally requires constant interaction and cooperation between Enel and the TSO, and securing the networks that support this is therefore imperative.  

Enel wanted to move away from using standard networking tools in its management of the ICS, due to the manual and time-consuming nature of monitoring and troubleshooting the control network. Previously, gathering data was a difficult process and, once collected, human knowledge was required to evaluate the data. Therefore, improvements in efficiency and security were necessary. Enel worked with Nozomi in 2023 to deploy the latter’s Guardian security sensor, which monitors network activity to identify any vulnerabilities and detect cyber threats, while also improving operational efficiency. Guardian was initially deployed at one Regional Control Center (RCC) to allow for testing, before being installed at all RCCs across the grid, as well as at the Interconnection Centers to monitor Enel’s connection with the TSO. Nozomi’s Central Management Console sensor, which manages and provides an overview of all Guardian sensors in its environment, was also installed.

Enel has benefitted from the automation of the process of data collection from all parts of the grid without the need for human intervention, improving efficiency and allowing staff to focus on protecting the company’s operations. Staff now have full visibility of the Enel control network, improving their ability to detect anomalous activities, misconfigurations, and standard and advanced security attacks. 

Claroty helps generation and transmission companies secure their operations

Claroty is a vendor of ICS security solutions and works with several clients in the energy sector including Siemens, Schneider Electric, Mitsui & Co., and others. It recognizes that assets in industrial environments are vulnerable to cyber threats that are hard to detect and has created a cybersecurity offering called The Claroty Platform, which seeks to resolve these issues. 

An unnamed power generation and transmission company, delivering services across a nationwide transmission network, worked with Claroty in 2022 to reduce the risks associated with redundancy across its network of power plants. Redundancy involves the duplication of certain critical components or functions of a technological system to ensure that a component failure does not have wide-reaching negative impacts across the system.  

Although this is an essential practice for power companies to ensure the reliability of their OT networks, it also brings cybersecurity risks when coupled with a complex, widely distributed network architecture and, in this case, insufficient security controls.

Attackers consequently had hundreds of potential entry points into the company’s OT networks, and the built-in redundancy meant that, generally, attacks were only detected if the damage caused was easily noticeable. Small-scale attacks could occur undetected despite causing considerable damage, and the overall availability and reliability of the company’s OT was inadequate as a result. 

To solve these issues, the company deployed The Claroty Platform to bolster the cybersecurity of its OT infrastructure. One component of the platform is Continuous Threat Detection, which offers improved asset visibility and constant security monitoring. A Secure Remote Access element also allows plant staff and third-party vendors to monitor and access the company’s OT network with greater security, reducing the risk of any threats caused by potential misconfigurations. 

The company also benefitted from an improved alerting mechanism which enabled its Security Operations Center (SOC) to pinpoint the exact time of, and reasons behind, any anomalous or malicious activity occurring in the OT networks of its power plants.

GlobalData, the leading provider of industry intelligence, provided the underlying data, research, and analysis used to produce this article.
