This is the second article in a three part series looking at cyber security in the energy sector. Here, Information Age looks at how to effectively protect the industry, with specific use cases from Darktrace Industrial and Drax
‘We rely on the AI to not only detect, but also to fight back against the attacker – independent of the human operator. That really is the cutting edge of cyber security’. Photo by Master Wen on Unsplash
As cyber attacks increase in variety and complexity, cyber security becomes an increasing challenge for any industry.
In the first of Information Age’s three part series on cyber security in the energy sector, we looked at the dangers posed by an increasing number of attacks on critical infrastructure in recent years. The repercussions are significant, and potentially catastrophic to both business and society.
The article established – with the help of Scott King, Senior Director, Security Advisory Services for Rapid7, Andrew Tsonchev, Director of Technology at Darktrace Industrial and Martin Sloan, Group Head of Security at Drax – that as the energy sector becomes more digitised, the need to evolve cyber security practice becomes more of a priority. The experts maintained that cyber security has improved, although – as with any industry – there is room for improvement. It also became clear that new technologies, such as artificial intelligence, could be introduced to help improve cyber security in the energy sector.
>Read more on Cyber security best practice
The second part of this series will look at what cyber security solutions and best practices are most effective in protecting the industry, with examples of improved security from Darktrace and Drax.
But before we delve into it, it’s important to understand who should be responsible for cyber security at an organisation – the leadership of a CTO is a crucial. It will differ depending on the company, its size and culture, but generally speaking the CTO should lead a team with a CISO, CSO or equivalent, and between them decide on a effective security strategy.
It is true that every employee has an important role to play when it comes to security. But, “in a bid to improve the agility of their business, companies are rapidly onboarding the latest tech innovations, from smart tablets to internet connected coffee machines,” explains Tsonchev.
“On average, CISOs underestimate the number of devices on their network by up to a third. As such, the role of CTOs in communicating to the board the increasing digitisation of the business will be vital.”
Cyber security in the energy sector: The solutions
King provides an overall philosophy on the best way to protect the energy sector from cyber threats: “Closely follow industry leaders, build trusted relationships with peer utilities, help build and craft a self-sustaining compliance regime that goes above and beyond what is prescribed by the government (when applicable).”[embedded content]
Throughout Information Age’s Cyber Security Month, we have placed a great emphasis on cyber security training. The majority of breaches occur because of human error. And, it is of the utmost importance to effectively train both ordinary staff members and security professionals within an organisation, in order to mitigate this overwhelming weak link.
>Read more on The comprehensive IT security guide for CIOs and CTOs
Technological solutions should also be employed – in particular, AI. “More and more organisations in the energy sector are realising the powerful role AI defence can play in their cyber security program,” says Tsonchev. “Analogous to the human immune system, these technologies use artificial intelligence algorithms to learn the normal ‘pattern of life’ for every device, controller and user on unique networks. Using this dynamic understanding, they then detect and autonomously fight back against never-seen-before attacks.”
“If it seems like the fingerprint sensor controlling access to a substation is making strange connections, cyber AI will slow down or stop that specific connection, without interrupting the entire system and preventing legitimate access to the grid for several hours. The fact that these responses are proportionate, and in real time, means that energy companies can halt in-progress threats in their tracks, preventing any damage and system downtime.”
Of course, AI is not the only technological solution to cyber security in the energy sector. On top of Darktrace, plenty of other vendors offer different software solutions to help mitigate the cyber threat in the energy sector – Privileged Account Management tools, for example. What is clear is that as the energy sector embraces the digital, outdated and weak security systems need to be replaced.[embedded content]
Out with the old
This was the case with Drax – considered to be one of the most forward-looking organisations in the energy and utilities industry, providing around 7% of the UK’s power.
Sloan explains that Drax’s “traditional security stack was no longer sufficient. Perimeter defences struggle to keep up with the complexity, volume, and speed of today’s cyber threats. The great thing about advances in AI is that they have allowed us to fundamentally rethink our approach to cyber defence. It’s not just about keeping the bad guys out but also about having a plan for when they are inside the network.”
>Read more on 10 cyber security trends to look out for in 2018
Commenting on the company’s adoption of AI, Sloan says it has been a game changer for how they deal with cyber security. “We rely on the AI to not only detect, but also to fight back against the attacker – independent of the human operator. That really is the cutting edge of cyber security.”
“Whilst it is important to recognise that the traditional cyber security approach is a necessity, the best solution for the industry is to use it in tandem with the latest developments in artificial intelligence.”
Improving cyber security
Every company is at risk from cyber attacks, and the vendors are no exception.
“This area is particularly challenging when our sales force operate globally, as regular travel, particularly abroad, poses unique cyber security threats,” says Tsonchev. “Just like all organisations should, we run an ongoing, comprehensive security training programme to educate all of our employees on cyber risk.”
“Luckily for us, several of our co-founders and executives have backgrounds in the intelligence services. We are able to leverage their experience in the field to protect our network against advanced threats.”
Improving cyber security in the energy sector
As mentioned, AI has taken Drax’s cyber security provision to the next level. This technology, from Drax’s perspective, is worth embracing.
“Given that the energy industry is a prime target for organised, sophisticated attacks, one of our key concerns was finding a way to limit the risk of both zero-day attacks and insider threats,” says Sloan.
>Read more on A guide to cyber attacks: Malware – Part 1
“Zero-day threats evade most cyber security approaches as they are not yet recognised as malicious, allowing the attacker to inflict significant damage before the threat is detected. By deploying AI-led solutions across its industrial network, Drax is able to detect, and thwart, zero-day attacks before they become serious.”
“AI enables us to react faster to genuine threats, in addition to internal training programs on cyber security, providing a safety net for when insiders compromise the network, either through error or malice.”
Part 3 of Information Age’s Cyber Security in the Energy Sector series will focus on how energy and utility companies can best roll out a cyber security strategy, and the importance of doing so in the face of competitive disruption