It’s no news that cybersecurity is increasingly becoming more and more of a concern for companies and businesses in a variety of different sectors. Often, we mostly think of cyber attacks targeting government and commercial computer networks. But with the rise of the Internet of Things (IoT), and as distributed energy systems become more popular, additional cyber threats have arisen. According to a new white paper from Eaton, similar cyber attacks and cyber threats are becoming more prevalent on other kinds of information-based smart networks as well — like those that operate buildings and utility systems.
Download the full report.
The new report provides guidance to help businesses and organizations keep their electrical systems in accordance with current cybersecurity standards. It also provides an overview of security features and practices to consider and adopt in order to meet industry-recommended standards and best practices.
So, why the increasingly dire cyber threat for electrical systems? It has to do with an integral change in the way electrical systems are controlled. According to the report, traditionally, these systems were controlled through serial devices connected to computers via dedicated transceivers with proprietary protocols. But today’s networks are largely connected to larger enterprise networks that can expose these systems to similar cyber threats as computer systems.
Now we know why we have to address cybersecurity for industrial control systems, as companies are increasingly integrating field devices into enterprise-wide information systems. The most common attacks comes in the form of viruses, trojan horses, worms, or spyware — which the report explores in more detail.
And there are a variety of cybersecurity threat vectors — or paths or tools that an entity can use to gain access to a device or a control network in order to deliver a cyber attack — available to hackers today. These include misconfigured firewalls, unsecure wireless routers and wired modems, infected laptops located elsewhere that can access the network behind the firewall, and many more.
There is increasing concern regarding cybersecurity across industries where companies are steadily integrating field devices into enterprise-wide information systems. — Eaton
While there are inherent differences between traditional IT systems and ICS, Eaton shared what it calls “defense of depth” is applicable to both.
“Defense in depth is a strategy of integrating technology, people, and operations capabilities to establish variable barriers across multiple layers of an organization,” the report states.
These barriers include countermeasures to cyber threat vectors such as firewalls, intrusion detection software/components, and antivirus software — coupled with physical protection policies and training. The report explores these barriers in detail, which are intended to reduce the probability of attacks on the network and provide mechanisms to detect intruders.
Paths to the control network. (Photo: Eaton)
But for a “defense in depth” strategy to work, there needs to be well-documented and continuously reviewed policies, procedures, standards and guidelines, Eaton pointed out — which must be continuously assessed and updated to protect against new threats.
It is becoming more and more critical for ISC administrations to not only make sure they are aware of changes in cybersecurity, but also to continue to work to prevent any potential vulnerabilities in the systems they manage.
Download the new white paper from Eaton, “Cybersecurity Considerations for Electrical Distribution Systems,” that explores how to meet cyber threats to industrial control systems proactively with a a system-wide defensive approach specific to organizational needs.
