If you've ever plugged an American, 110-volt appliance into a European 220-volt socket, you've experienced firsthand what happens when an electrical device overloads: fizzle, pop, smoke. At best, you've temporarily damaged the appliance. At worst, the device catches fire and burns the place down.
While damage to home appliances illustrate a relatively minor case, imagine what can happen when high-voltage electrical transmission systems in a power substation become overloaded.
Photo: EEP
Damage to power substations are typically the result of natural disaster or some system malfunction. However, as we build out next generation power grids that connect the industrial control systems responsible for managing and monitoring the delivery of electricity with back-end IT systems, we risk exposing an element of critical, national infrastructure to potentially devastating cyber attacks.
There are many scenarios in which this could happen. For example, an attacker could break into a power substation and infect the power control network with a virus. If the virus were designed to manipulate circuit breakers and create a power overload, the attacker could destroy electrical transformers and take the substation offline. If the attacker managed to coordinate destruction of a sufficient number of substations, the entire power grid could fail, leading to nationwide blackouts lasting weeks or even months. This is, indeed, a doomsday scenario, but the potential exists.
Given the potential for disastrous consequences, why integrate critical infrastructure like power grid industrial controls with traditional IT systems? The answer lies in the Internet of Everything, which is bringing greater efficiency to our daily lives by interconnecting everything -- people, processes, data, and things. When we network physical things such as electricity meters, traffic lights, and crop irrigation systems and then enable these devices to send data to analytics systems and dynamically react to human needs, we gain an unprecedented level of control over our world.
The power grid is ripe for maximizing the Internet of Everything. For some years now, utility companies have been migrating decades-old systems to a more efficient electrical infrastructure known as the smart grid, which uses embedded sensors, control points, and communications systems to better manage supply and demand, making for more efficient energy use.
With the smart grid, we can monitor electricity usage in near real-time to better manage power consumption. For example, street lights that turn on and off when they detect movement nearby. And imagine if our smartphones could alert us when electricity consumption rises above a certain threshold, allowing us to remotely switch off certain appliances?
What could possibly go wrong? From many incidents of cyber breaches, we've learned the hard way that modern attackers can be clever, resourceful, and highly persistent in their efforts. It's fair to say that with enough time and effort, they can break in.
To effectively deal with the challenge that smarter, shadier, and stealthier attackers pose to the Internet of Everything, we need a new security model.
Our traditional security models have focused most heavily on attack prevention; that is, attempting to block attacks before they happen. We follow compliance guidelines, segment critical and non-critical systems, install firewalls and intrusion prevention devices to restrict and monitor traffic flow, and struggle endlessly to patch software vulnerabilities. Yet attackers still break through.
In the recent Target incident, attackers managed to infiltrate point-of-sale terminals and steal data from millions of credit cards by hacking one of Target's supplier-facing networks. Target had preventative security controls in place -- they even had advanced threat-monitoring systems -- but somewhere in the complex landscape of security implementation and management, the attackers managed to find and exploit a gap.
A new security model begins with recognizing that if we haven't already been attacked, we will be. So, if we just assumed that the smart grid were under attack and we didn't know how, where, or even why, what should we do differently? Here are three suggestions:
1. Address the entire lifecycle of an attack: before, during, and after. It's not enough to rely on systems to stop attacks before they happen. We need to be able to detect an attack as it happens and understand the nature and potential impact of the attack. We need to be able to determine the scope of the attack, contain it, and clean up the damage as quickly as possible.
2. Deploy security as a unified, integrated system that spans the entire footprint of the business operating environment. Within the security industry we have a dizzying array of point products and solutions that typically only help address one or two aspects of the attack lifecycle and only for certain parts of our infrastructure. For example, point solutions may not be able to share relevant information between distinct security systems to help correlate and pinpoint attacks. An integrated system will help security staff better defend the infrastructure and, ultimately, enable greater business agility in the face of sophisticated threats.
3. Implement intelligent security capabilities that provide deep and continuous visibility into business operations and systems that focus on threats rather than known vulnerabilities or expected types of attacks. In the power grid, this could entail the use of dedicated security sensors that monitor different parts of the electrical infrastructure for unusual activity. Additionally, with big data analytics we can study mass amounts of information from many sources - sensors, energy supply and consumption patterns, prevailing climate conditions, historical trends - to uncover anomalies that might indicate an evolving threat pattern.
The Internet of Everything holds great promise for improving many aspects of our daily lives. But with great opportunity often comes great risk. Security is a game of cat and mouse between attacker and defender, with ever evolving sophistication on both sides. However, with a new security model, we can realize the promise of the Internet of Everything, safely and securely.
Please join me on July 16 for a free Webinar called "Protecting the Internet of Everything from Smarter, Shadier, and Stealthier Attacks." Learn more and register here.