Cybersecurity in the Utilities industry
Cybersecurity in the Utilities industry
From switching the light on, to pouring the water for a cup of tea, we all take for granted and rely on the essential utility services that we use every day. As we go about our business, we rarely stop to think about the fact that these utilities are under constant threat from cyber-attacks. In extreme cases, major outages could quickly escalate way beyond inconvenience to a breakdown of society. Popular fiction, such as the international bestseller Blackout, describe in scary detail the lightening quick breakdown of society in such as circumstance, as the lights and power go out and drinking water becomes scarce.
In a survey of 1,700 utility companies last year, 56 percent said they experienced at least one shutdown or operational data loss in the past 12 months. In addition, only 42 percent of the survey respondents rated their cyber readiness as high, and only 31 percent were fully ready to respond.
In the past, the complex and isolated nature of utility infrastructure had protected organisations from these cyber-attack. Operational infrastructure wasn’t connected directly to centralised IT systems or the internet. However, there has been a natural progression to bring the infrastructure into the 21st century with the use of automation and the Internet of Things to secure efficiencies. This has integrated IT infrastructure with operational technology, and as an unhappy consequence, opened up the networks to the cyber threat.
The reasons for these attacks are wide-ranging from anarchy and terrorism to criminality for commercial gain but all have the ability to bring societies to a stand-still. Some of the worst attacks were recently reported in Power Technology. They include hackers targeting safety systems, cutting power to cities and even stealing and publishing plans for nuclear power reactors.
But utility companies are fighting back. In a global survey, by management and technology consultancy Accenture, they found investment in security innovation was growing in utility companies. They also reported a 27% reduction in the average number of security breaches over the past year. But this battle is still an ongoing struggle with 73% agreeing staying ahead of the attackers was difficult and the costs unsustainable.
So, what practical steps are utility companies taking to secure their environments? Cyber security has to be considered at every level from intrusion attacks at the network perimeter, to monitoring of operation infrastructure and authentication access, right through to protection of the mobile devices the workforce uses.
It’s in the area of secure mobile devices that Panasonic, with its rugged TOUGHBOOK computing, tablet and handheld devices, is leading the way in the utilities sector. For example, the TOUGHBOOK 55 notebook is one of the world’s first Secured-core PCs developed with Microsoft and is currently being rolled out to the mobile workforce of one of the UK’s largest water utility companies.
As well as being built to withstand the everyday challenges of the utility worker, the TOUGHBOOK 55 is one of the most secure mobile computing devices on the planet. Designed with deep integration between hardware and software and featuring the most advanced CPUs available, Secured-core PCs are intended to handle mission-critical data in the most data-sensitive industries, such as utilities.
A Secured-core PC is a modern Windows device that comes with the highest level of hardware, software and identity protection ready right out-of-the-box. It enables users to boot securely, protect their device from firmware vulnerabilities, shield the operating system from attacks and prevent unauthorised access to devices and data with advanced access controls and authentication systems.
In addition, Panasonic ProServices offers custom engineering support for utilities companies for additional security. In a recent example, the team designed a custom BIOS for one organisation that disabled the Wi-Fi and Bluetooth functionality of its devices. This meant that the only way the device could interact with the network was physically via a LAN cable, limiting opportunities for cyber intrusions.
It's through these types of initiative, protecting the mobile workforce as well as the offices, data centres and operational infrastructure, that security is being addressed to combat the ever increasing ingenuity of the cyber attackers.