What Texas Power Outages Can Teach Us About Securing the Electric Grid
By Tony Cole, CTO, Attivo Networks
Uncharacteristic winter weather recently sent the Texas power grid into overdrive, resulting in mass outages. Unfortunately, inclement weather isn’t the only threat facing utility companies: Cyber threats have the potential to impact the power grid in a similarly serious manner. The pandemic has compounded existing risks, driving utilities’ digital transformation at a much faster pace, effectively widening attack surfaces and exposing the risks associated with integrating operations technology with information technology.
With remote work and distributed networks here to stay, both utilities and government regulators must shift their cybersecurity focus. Here are two important considerations utility companies should keep in mind when building an active defense to help secure the electric grid.
New Guidelines Recommend a Little Trickery
Utilities seeking ways to reinforce their defenses can start by reviewing helpful resources like MITRE ATT&CK and MITRE Shield, both freely available knowledge bases that help defenders better understand the adversaries they face and what defenses they should put in place to counter them. Utility companies may not be able to prevent every adversary from getting into the system, but these MITRE programs can help them better prepare for attacks in the future.
One area MITRE has increasingly focused on is cyber deception and denial technology, which is seeing growing adoption for detecting lateral movement within the network. Deception can identify unauthorized activity during attacker discovery, lateral movement and privilege escalation, luring attackers away from valuable assets with decoys designed to look like real network objects. A hydroelectric system might put a decoy structure in place with fake programmable logic indistinguishable from the real thing. An attacker who tries to tamper with a fake valve will immediately give away their presence, and the deception environment can automatically isolate them and notify security teams.
Privileged Access Abuse Can Have Serious Ramifications
Globally, more than 90% of all organizations use Active Directory for employee authentication, identity management and access control. With privileged access abuse a factor in 80% of all known security breaches, utilities must rethink the way they protect identities, credentials and high-value assets. Managing privileged access today is very different from prior years, and now extends from endpoints to the cloud and covers credentials, infrastructure, databases and network devices.
What if an adversary targets a northeastern utility company during a blizzard? They may start simply by sending a spear-phishing message to an employee. The link may download injection code that compromises the system and gives the adversary direct access to it. Just like that, they can move laterally and use their privileged access to target identities and credentials to damage or disrupt the power grid. Utility companies must equip their security teams with the tools they need to assess risks in AD and prevent attackers from exploiting them in this manner.
Read the original article on Nextgov.