In the latest episode of the 'OT Security Made Simple podcast' , Klaus Mochalski, founder and CEO of Rhebo, sits down with Todd Wiedman, Chief Security Officer of Landis+Gyr, to cover a range of topics, shedding light on the evolving challenges and solutions within the realm of AMI security.
The IEC 62443 family of standards is an old acquaintance to most security managers for industrial systems. For more than ten years, it has been considered THE standard for industrial cybersecurity. It also serves as a "horizontal standard" offering a sector-agnostic baseline for industrial cybersecurity, upon which sector-specific requirements, e.g. for the energy sector, could be added by industry experts. In this blog we explore its implications for the energy sector.
The utility industry is facing new and evolving security threats in the modern era of operational technology (OT) and information technology (IT) convergence. Geopolitical turmoil and changes in the workforce have further complicated the security landscape for utilities. As a result, it is becoming increasingly important to secure advanced metering infrastructure (AMI) systems.
Ransomware attacks are the number one cyber risk for utilities and critical infrastructure worldwide. Detecting malicious activities during the preparation phase of an attack to prevent disruption and spreading is at the heart of any cybersecurity strategy.
In its working paper "Critical Vulnerability in Log4j - Detection and Response", the German Federal Office for Information Security (BSI) underlines the persistent and complex danger of the Log4Shell vulnerability in industrial networks as well. Patching the vulnerability in the short to medium term is considered unrealistic for many companies. For this reason, the BSI recommends continuous monitoring and analysis of network communication via anomaly detection in addition to rule-based query analysis. Industrial anomaly detection solutions, as offered by Rhebo, a Landis+Gyr Company, enable companies to detect on compromises that have already occurred, active exploits and other malicious activities in the operational technology (OT) and industrial control systems (ICS) at an early stage. The vulnerability, documented as CVE-2021-44228, allows attackers to execute arbitrary code on systems using the widespread Log4j library without authentication.
The digitalization of the energy industry has led to a convergence of operational and informational technologies across metering infrastructures worldwide. This OT/IT convergence brings with it all the benefits of the connected, IoT era such as personal energy management insights, automated energy management and grid transparency. However it has also resulted in increasingly complex OT/IT ecosystems creating with new areas of vulnerability and increasing exposure to attacks.