From April’s POWERGRID International: Stopping the Gaps in Cybersecurity
Editor's Note: This excerpt on energy sector cybersecurity is part of our exclusive content in the print and digital versions of POWERGRID International magazine. Author Frank Andrus of Bradford Networks focuses on plugging security gaps and other issues for utilities and other grid companies.
Companies in the energy sector have experienced an unprecedented level of cyberattacks in the past year. The U.S. government issued a rare public warning in the fall of 2017 about aggressive, ongoing cyberattacks on energy and utility targets. Various surveys and news stories from 2016 and 2017 report that well over 60 percent of critical infrastructure organizations had a security incident in the prior two years, and just as many said that the threat landscape looks worse going forward. As utilities embrace digital transformation, operational efficiencies and productivity increases, but additional network connections also expand the network’s attack surface. To combat this larger threat landscape, utilities must quickly close the resulting network security gaps.
SECURITY GAP NO. 1:
UNSECURED ENDPOINT DEVICES SUCH AS IOT AND BYOD DEVICES
Unsecured endpoint devices are a growing challenge for network security. With the prevalence of bring you on device (BYOD) and Internet of Things (IoT) devices, there are more uncontrolled devices connecting to the network than ever before. As these devices continue to saturate the market, organizations are struggling to balance the productivity gains they deliver against the security risks. The most formidable challenge is that there is no device Stopping the Gaps Identifying and Stopping Network Security Breaches By Frank Andrus, Bradford Networks configuration standardization for BYOD or IoT. There are hundreds of permutations of device type, brand, operating system and security health status. Yet, many organizations are rapidly adding IoT-enabled security cameras, sensors and office equipment, as well as allowing employees, guests and contractors to connect unknown mobile devices to the network. This is concerning because many mobile and BYOD devices lack sufficient security and most IoT devices have little or no intrinsic security. Ponemon Institute’s 2017 State of Mobile & Internet of Things Application Security Study discovered that 46 percent of respondents stated they (likely or definitely) already experienced an attack as the result of IoT applications. These risks are poised to increase as thousands of new IoT devices continue to enter the market. Gartner predicts that IoT device adoption will more than double from 8.4 billion devices in 2017 to 20.4 billion devices by 2020.
Click here to read more of this story and other issues of POWERGRID International magazine.