author photo
By Manav Mittal
Fri | Nov 8, 2024 | 5:05 AM PST

"You don't realize how connected things are until your smart fridge starts sending you weather updates… and you get nervous about a refrigerator hacker."

In the utility sector, we've embraced technology to make things more efficient, smarter, and more resilient. But as our infrastructure gets smarter, threats lurk in the shadows as well as getting smarter. The journey from sensors in the field to servers in the control room is a cybersecurity tightrope journey. A single mistake can pose a significant risk to infrastructure and to the public.

A connected world means a vulnerable world

Utilities now rely on large networks of IoT devices, from sensors buried underground to servers that crunch data in remote locations. These sensors send data continuously that allows operators to monitor pipelines, substations, and treatment plants in real-time. But the moment we bring IoT into the mix, we create thousands of potential entry points for attackers.

In 2021, for example, hackers attempted to manipulate the chemical levels in a Florida water treatment plant by breaching remote access systems. In the same way, utilities around the world have experienced service disruptions as ransomware targets back-end systems. This is often due to a seemingly innocuous sensor compromise.

Essentials of end-to-end security in network devices

To build a resilient utility network, you must shield every single link inside the chain, securing records from the second it's captured at the sensor to its arrival on the server. Here's how to do it.

1. Device-level security: It starts at the sensor. Every security strategy begins with the smallest, often-overlooked component: the sensor. Securing these devices might seem trivial, but without protection at this entry point, we're leaving the back door open.

2. Strong authentication: Each device, no matter how small, should have strong, unique authentication measures to prevent unauthorized access. Even a simple sensor should be treated as a critical security asset.

3. Firmware integrity checks: Regularly check that each device's firmware is up to date and verified—especially when outdated firmware is one of the most common entry points for attackers.

4. Network segmentation: With thousands of devices communicating over the network, segmentation of traffic can help prevent potential breaches. Think of network segmentation as creating a physical wall between different parts of a system so that attackers simply cannot gain access to the entire network.

5. End-to-end encryption: Encrypt all data from sensors to controller. Change your encryption keys periodically to reduce the risk of keys being exposed. When the data reaches the server, strict security controls must be in place to protect data from tampering or unauthorized access. Servers are the main target of attackers; therefore, covering this endpoint is important.

6. Identity and access management: Use IAM to control who has access to what data on the server, and use multi-factor authentication (MFA) for complex applications. Incorporate the use of AI-enabled monitoring to identify anomalous behavior and potential threats in real-time.

Across industries, companies are learning the hard way about how damaging breaches can be. The scale of the Florida water treatment plant and similar incidents shows that threats can come from surprising places, like forgotten passwords, unpatched vulnerabilities, or weak vendor policies. By securing the device from the sensor to the server, utilities can build effective defenses against evolving cyber threats.

In the end, when talking about critical infrastructure, safety is not just a good practice, but it is also a responsibility to the communities in which we operate.

Comments