Protect SCADA Systems Against Escalating Risk

Identify security gaps to safeguard systems.
December 12, 2019

Regular risk analysis plus multilayered security can prevent attackers from disrupting your operations. See how through one energy and utility company’s experience.

Identifying the Threat

The Dragonfly cyberespionage group targets a large U.S. utility company, seeking to control equipment interfaces such as circuit breakers, with the ultimate goal of shutting down the flow of electricity.

Dragonfly attempts to access the network via a variety of infection vectors, including phishing emails, watering hole attacks on energy-related websites and Trojanized software. They also target several of the utility company’s ICS equipment providers as part of a supply chain attack.

Detecting and Thwarting Attack

The utility company had a multifaceted security approach that protected every layer of its SCADA system, as well as all endpoint devices. Regularly updated next-gen firewalls, along with gateway anti-virus and intrusion detection and protection systems, identified Dragonfly attacks and stopped them from breaching the network and servers.

At the same time, a strong password policy and identity and access management solution stopped Dragonfly from stealing employee credentials. Multifactor authentication would have prevented the attackers from using any credentials they might have gained access to, while enterprise device management ensured malware did not infect employee laptops or tablets.

If Dragonfly had managed to penetrate these multiple defenses, the company was also prepared with a comprehensive breach containment strategy that includes a cloud-based security information and event management (SIEM) system to minimize the attack’s impact.

Ongoing Protection

Well aware that its SCADA system and networks are a prime target for threat actors, the utility company works with its IT partner to periodically audit its SCADA environment and network-connected components for new vulnerabilities. It also takes a proactive approach to malware detection, conducting regular threat checks that incorporate passive network and endpoint monitoring to detect botnets and infected clients.

Protect your critical infrastructure with a comprehensive cybersecurity solution.

CDW experts and our partners can help you orchestrate an integrated security strategy that meets the specific needs of your energy and utility company.

Learn how CDW can help you better protect your energy company’s systems.
