Cybersecurity in the utilities industry: Data science changes the security conversation
The U.S. power grid is a gargantuan machine. More than 3,300 utilities deliver electricity from 7,000 power plants over 200,000 miles of transmission lines, through more than 55,000 substations and 5 million miles of distribution lines. Increasingly, these assets are monitored and controlled by millions of networked, digital devices ranging from synchrophasors on the transmission lines to smart meters at the customer premises. And each of these devices is a potential vulnerability for hackers to attack.
There’s actually an appropriate degree of cybersecurity consistency and rigor for the bulk power system. But it’s localized to the generation and transmission level, thanks to the North American Electric Reliability Corporation (NERC) starting on its Critical Infrastructure Protection (CIP) standards in 2006.
The distribution system is a different story. The regulatory commissions responsible for it, and the utilities they oversee, are struggling with the technical, budgetary and resource challenges of securing more and more distributed assets and intelligent devices. Many smaller utilities lack the financial or technical resources to adequately safeguard their systems. There is also an acute need for jurisdictions and utilities to share information about best practices, standards and the evolving threat environment.
Why data science for cybersecurity?
So how can analytics initiatives enhance security? Traditional IT-based security tools, such as firewalls, encryption and authentication technologies, ignore the physical and behavioral information of the devices and assets they protect.
One of the fundamental challenges in protecting your infrastructure is understanding your surface area of risk and reducing the vulnerability of those assets. In other words, it’s hard to know when an attack is underway and on which device. What is the role of that device, and what are its temperature, pressure, speed, state of connectivity, and so on? What is the baseline for these values, and how can you detect abnormal behavior if you have no basis for normal? These behaviors and telemetry, all staples of OT or industrial IoT automation and business analytics, are also tremendously informative from a cybersecurity standpoint: they enrich the data stream and improve situational awareness.
Effective security is interdisciplinary
I’ve been involved in a few projects recently where we’ve effectively detected cyberattacks by gathering information about the physical state of the power grid and the devices therein. It involves developing and deploying low-cost IoT sensors, and it’s triggered an evolution of our IT architecture.
The idea is that the physical behavior of components on the grid can help determine when the grid is under attack by providing a redundant, complementary set of data points. It even applies to sophisticated attacks that manipulate what a device or sensor reports (remember Stuxnet and the Iranian centrifuges). An analytics-based redundant source of data can mean the difference between detecting an intrusion in a timely manner and finding out only after the damage is done.
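The two detection ideas above (a learned baseline for each device's telemetry, and an independent physical sensor that cross-checks what the device itself reports) can be sketched in a few dozen lines. The following is an added illustration, not code from the author or from any of the projects described; the `Reading` fields, the sample transformer and recloser, the MAD-based modified z-score cut-off of 3.5 and the 2 °C agreement tolerance are all assumptions chosen for the example.

```python
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Reading:
    """One telemetry sample for a grid device (field names are assumptions)."""
    device: str
    ts: int
    reported_temp: float   # value the device reports over the OT network
    sensor_temp: float     # value from an independent IoT sensor mounted beside it


# Constructed history: transformer 'XFMR-7' normally sits between 62 and 63 C.
HISTORY = [
    Reading("XFMR-7", t, 62.0 + (t % 3) * 0.5, 62.0 + (t % 3) * 0.5 + 0.2)
    for t in range(20)
]

# Constructed live samples covering the cases discussed in the text.
LIVE = [
    Reading("XFMR-7", 100, 62.5, 62.7),      # ordinary operation
    Reading("XFMR-7", 101, 79.0, 79.1),      # real overtemperature, both sources agree
    Reading("XFMR-7", 102, 62.0, 81.5),      # device reports 'normal', physics disagrees
    Reading("RECLOSER-3", 103, 40.0, 40.1),  # device with no learned baseline yet
]


def build_baseline(history):
    """Median and MAD of the reported value per device (robust to outliers)."""
    per_device = {}
    for r in history:
        per_device.setdefault(r.device, []).append(r.reported_temp)
    baseline = {}
    for dev, values in per_device.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)
        baseline[dev] = (med, mad if mad > 0 else 1e-9)  # avoid division by zero
    return baseline


def robust_z(value, med, mad):
    """Modified z-score; |z| > 3.5 is the customary outlier cut-off."""
    return 0.6745 * (value - med) / mad


def evaluate(live, baseline, z_cutoff=3.5, agreement_c=2.0):
    """Return (ts, device, reason) alerts from both detection paths.

    A device with no baseline is itself reported: with no basis for normal,
    nothing about it can be judged abnormal.
    """
    alerts = []
    for r in live:
        if r.device not in baseline:
            alerts.append((r.ts, r.device, "no_baseline"))
            continue
        med, mad = baseline[r.device]
        if abs(robust_z(r.reported_temp, med, mad)) > z_cutoff:
            alerts.append((r.ts, r.device, "baseline_deviation"))
        if abs(r.reported_temp - r.sensor_temp) > agreement_c:
            alerts.append((r.ts, r.device, "reported_vs_physical_mismatch"))
    return alerts


if __name__ == "__main__":
    for alert in evaluate(LIVE, build_baseline(HISTORY)):
        print(alert)
```

Run as a script it prints three alerts: the genuine overtemperature at `ts=101` (caught by the baseline), the sample at `ts=102` where the device reports a normal reading while the independent sensor reads 81.5 °C (caught only by the physical cross-check, which is the Stuxnet-style case), and the recloser that has no baseline at all. Median and MAD are used rather than mean and standard deviation so that a handful of bad samples in the history window cannot drag the notion of "normal" toward them.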
So, when it comes time to discuss strategy and investment in cybersecurity or business analytics, bring the IT staff and the business users together. Seek out cybersecurity synergies between IT and OT. With the right technology and partner, you will find that you can improve cybersecurity, asset reliability and business performance using the same dollars.