Cybersecurity in the utilities industry: leveraging analytics to break down the cybersecurity dilemma
On December 23, 2015, hackers executed what’s considered the world’s first successful attack on a power grid. They took control of utility systems in Ukraine and knocked out power to 225,000 customers across three distribution companies for several hours. It wasn’t the limited damage but the coordination and sophistication of the attack that left utilities around the world worried.
The hackers are presumed to be Russian, based on the IP addresses of the computers used in the attacks. Spear phishing and malware gave them a foothold in the IT networks of the three utilities, from which they harvested credentials to access the utilities’ industrial control system (ICS) networks. With that, the hackers were able to seize control of the supervisory control and data acquisition (SCADA) systems and:
- Turn off substations
- Disable or destroy various IT infrastructure components
- Simultaneously execute denial-of-service attacks on the utility call centers, preventing customers from reporting and receiving important information.
These events raised the stakes for grid security to a new level. A similar attack on the U.S. power grid would be highly disruptive, likely costing hundreds of billions of dollars in economic damage while threatening public safety in myriad ways. Think of our dependence on electricity for healthcare, transportation and infrastructure alone. The U.S. response could also alter the geopolitical landscape or lead to military conflict.
Welcome to FUD: fear, uncertainty and doubt
Almost inevitably when I meet with utility clients, discussion of cybersecurity strategy and investment takes on the aura of FUD. What are the worst-case scenarios? How likely are those scenarios to unfold? What is a prudent amount of effort and investment to manage that cybersecurity risk?
Perhaps the more challenging question: How do you balance investments in cybersecurity with investments in reliability and resiliency — given that weather events, thus far, cause far more disruptions and outages than cyberattacks?
In other words, cybersecurity too often comes down to a binary question of how much to invest in two options:
- “Insurance,” incurring a sunk cost to protect against a serious event that may or may not take place.
- “Opportunities” to drive future growth.
Notice that the cybersecurity dilemma does not take place only within the IT team, nor should it, particularly in an IoT world.
Data science vs. FUD
In my experience, analytics and cognitive computing, such as machine learning and neural networks, greatly augment traditional IT-based security tools. So, if you’re looking at cybersecurity and analytics as separate, discrete endeavors, you’ll be leaving money, security and synergy on the table. This is a distinctly different conversation from the “FUD-based” discussion.
Read my next post to see where this distinctly different conversation goes.