Ransomware attacks are the number one cyber risk for utilities and critical infrastructure worldwide. Detecting malicious activities during the preparation phase of an attack to prevent disruption and spreading is at the heart of any cybersecurity strategy.
For several years, the combination of system integration, the smart grid and the legacy of outdated industrial control systems have been presenting new cyber security challenges for energy infrastructures. These problems are reflected in the 10 most common anomalies identified in energy companies' operational technology (OT) networks in 2022.
We spent the final week of November at Frankfurt attending Enlit Europe 2022, a major European energy event following COP27 focused on stories of people, projects, and technologies driving the energy transition. From the various conversations, hub sessions and summit keynotes and panels we take a lot of learnings back with us. Here is a quick snapshot of our top takeaways.
The convergence of information and communication technologies (ICT) and operational technologies in smart grids is a double-edged sword. On the one hand, ICT makes it possible to significantly improve grid reliability, security, and efficiency by facilitating information exchange, managing distributed generation and storage sources, while also enabling active participation of the end consumer. On the other hand, attackers can exploit the vulnerabilities of communication systems for financial or political gain.
In its working paper "Critical Vulnerability in Log4j - Detection and Response", the German Federal Office for Information Security (BSI) underlines the persistent and complex danger of the Log4Shell vulnerability in industrial networks as well. Patching the vulnerability in the short to medium term is considered unrealistic for many companies. For this reason, the BSI recommends continuous monitoring and analysis of network communication via anomaly detection in addition to rule-based query analysis. Industrial anomaly detection solutions, as offered by Rhebo, a Landis+Gyr Company, enable companies to detect on compromises that have already occurred, active exploits and other malicious activities in the operational technology (OT) and industrial control systems (ICS) at an early stage. The vulnerability, documented as CVE-2021-44228, allows attackers to execute arbitrary code on systems using the widespread Log4j library without authentication.
The digitalization of the energy industry has led to a convergence of operational and informational technologies across metering infrastructures worldwide. This OT/IT convergence brings with it all the benefits of the connected, IoT era such as personal energy management insights, automated energy management and grid transparency. However it has also resulted in increasingly complex OT/IT ecosystems creating with new areas of vulnerability and increasing exposure to attacks.
