Connect with us

Hi, what are you looking for?

Business

Business strategy: Preventative action is needed to protect utilities from cyberattacks

Newer technologies can offer greater protection, risks exist if these defences are broken and arguably the exposed attack surface is expanding rapidly.

Image: – © AFP
Image: – © AFP

Many countries have an aging utilities infrastructure, and this makes the provision vulnerable to cyberattacks. Such attacks pose threats to the economy, to security and to public safety.

Such attacks could lead to catastrophic system failures, especially at the countless facilities that rely on legacy technologies.

While newer technologies can offer greater protection, risks exist if these defences are broken and arguably the exposed attack surface is expanding rapidly as many facilities become increasingly interconnected through the Internet of Things. 

To gain an insight into the current vulnerabilities, Digital Journal heard from expert Adam Maruyama, who is the Field CTO at Garrison Technology, which is now a part of the firm Everfox.

Maruyama begins by assessing the biggest and most famous of cyberattacks on a utility service provider: “In 2021, as the US was reopening from the COVID-19 pandemic, we saw an attack on a single provider – Colonial Pipeline – halt more than 5,500 miles worth of distribution pipeline, with ripple effects to 45 percent of all pipeline operators, and cause states of emergency in more than 17 states.”

This incident created jitters, especially with the U.S., and allowed more concentrated responses to be considered, as Maruyama explains: “It should, therefore, come as no surprise that a multipronged and coordinated attack on utilities would be what CISA Director Jen Easterly described in her testimony to Congress as an “everything, everywhere, all at once” event. If utilities across multiple sectors (e.g., power, telecoms, and water) were targeting, such an event could have an impact far beyond the already-dramatic attack on Colonial Pipeline, bringing much of modern life to a halt temporarily.”

In terms of the economic and societal ramifications, Maruyama says: “And, as Easterly and her counterparts in the FBI, NSA, and Office of the National Cyber Director cautioned, our nation-state adversaries realize it and could use such an attack as a cudgel to break the will of the American people to support our allies in a time of need.”

This has led to energy sector and government actions. Maruyama assesses the response: “Much of the discussion around protecting critical infrastructure has revolved around the operational technology (OT) infrastructure of these providers – environments that control turbines, water pumps, critical telecom switching equipment, and more, and which are often rife with legacy technology. These environments are treated as highly sensitive, and providers make their best efforts to protect them and wall them off from would-be attackers.”

There also needs to be some emphasis upon preventative actions in addition to the response to any such attack. Here Maruyama finds: “But it’s critical to remember that the information technology (IT) environments of providers often play a critical role in operations as well; it was an attack against Colonial Pipeline’s IT infrastructure that drove the understandable decision to temporarily halt operations in 2021.”

In summary, Maruyama indicates: “Having both strong preventative technologies like browser isolation, network segmentation, and proactive attack surface management as well as recovery capabilities in place for the IT network is critical to avoiding an event of this scale.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Entertainment

Liam Hemsworth as Owen Brophy in 'Lonely Planet.' Photo Credit: Hilary Bronwyn Gayle, Netflix.Australian actor Liam Hemsworth stars in the new movie “Lonely Planet”...

Business

The European Central Bank is expected to lower interest rates again this week.

Business

Many professionals do not realise that just by working in certain industries, their personal data—emails, passwords, financial details—can be compromised.

Social Media

One local police report suggests that the vigilantes may be motivated by financial gains.