A fake industrial control system (ICS) tempted a lot of bad players on the web recently. Electric customers should take note.
The exercise showed how “pervasive the cyber risk is to the industrial sector,” say the people who ran it, as reported in a column, “Utility ransomware attacks becoming more sophisticated.” (Source)
Here’s what was done. A cyber security firm created a fake ICS to attract hackers and learn about the scope and methods of attack. After the site was created, it took no time at all to get hit.
Targets for hackers will only increase, says the story. More digitization of industry means more targets.
How big is the target in the power industry? “There are currently an estimated 55,000 power plant, transmission, and distribution system operators employed in North America.” (Source)
What may be considered good news in this is that weak passwords were a problem, says the report. Those can be addressed.
The tough news: “As the industry attempts to respond to potential cyberthreats, it faces several important challenges. For one, business and technology requirements continually evolve. For another, there is a serious shortage of qualified workers who understand how to secure the converged—IT-plus-OT—utility enterprise. In addition, managing risk associated with third parties adds a significant layer of difficulty to the implementation of good cybersecurity.” (Source)
Sophistication on this count may relate to the size of the utility. “Small utilities in particular struggle with these issues, because they lack the resources and scale to cope with cyber threats as their larger peers do. Last, the challenges are broader than mere technical issues and need to be dealt with holistically.”
Utilities have been expected to up their game on cyber issues. That expectation continues and may increase. Because of the threat, a global problem arrives at the front door of the energy customer. Local utilities are the front line of this battle on behalf of customers.
A big expectation.