White Paper

What Security Tools Is the Energy Industry Using to Protect Its Systems?

Evolving threats target industrial control systems. Here’s how energy and utility companies are fighting back.
by Mike Chapple

Advanced technologies such as industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems help energy and utility companies monitor and manage their far-flung operations. But these systems also expose companies to new attack vectors. Cyberthreats are growing more numerous and more sophisticated every year, posing a major challenge for energy and utility companies working to protect their assets.

Energy and utility SCADA and ICS cybersecurity programs use a variety of technical solutions to defend these critical infrastructure systems from attack. These controls include the use of multifactor authentication, firewalls, mobile device management, anti-virus, security information and event management systems, virtual private networks and patch management technology.

Multifactor authentication adds enhanced security to access control systems. Rather than simply relying on an easily stolen password, multifactor authentication approaches supplement the “something you know” authentication approach with an additional requirement that users either possess, such as a smartphone or token (“something you have”), or use a biometric feature, such as a fingerprint or voice (“something you are”), to verify their identity. Multifactor authentication should always be used to protect access to sensitive SCADA systems, even when it is not required for access to a wider enterprise network.
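The “something you have” factor most commonly arrives as a time-based one-time code from a token or smartphone app. The following is an added example, not code from the original white paper or from any product it mentions, showing how a server would generate and verify such codes under RFC 6238 (TOTP over RFC 4226 HOTP) with the Python standard library. The step size, digit count, clock-drift window and the base32 demo secret are assumptions chosen for illustration; the replay check (refusing any code for a time step at or before the last one accepted) is the part that is easy to forget and that matters most on a remote-access gateway.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

STEP_SECONDS = 30   # TOTP time step (assumed; the common default)
DIGITS = 6          # length of the code shown to the user (assumed)


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** DIGITS)).zfill(DIGITS)


def totp(secret: bytes, at_time: int) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, int(at_time) // STEP_SECONDS)


def verify_totp(secret: bytes, submitted: str, at_time: int,
                last_counter: int = -1, window: int = 1) -> Optional[int]:
    """Return the time-step counter the code was accepted for, or None.

    window:       how many steps of clock drift either side of 'now' are tolerated.
    last_counter: the highest counter already accepted for this user; a code for that
                  step or an earlier one is refused, so an intercepted code cannot be
                  replayed within the drift window.
    Codes are compared with hmac.compare_digest so the check does not leak timing.
    """
    current = int(at_time) // STEP_SECONDS
    for drift in range(-window, window + 1):
        counter = current + drift
        if counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter), submitted):
            return counter
    return None


def decode_provisioned_secret(base32_secret: str) -> bytes:
    """Authenticator apps are provisioned with a base32 secret; normalise, pad and decode it."""
    s = base32_secret.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


if __name__ == "__main__":
    # Constructed demo secret; a real enrolment generates a random secret per user.
    secret = decode_provisioned_secret("JBSWY3DPEHPK3PXP")
    now = int(time.time())
    code = totp(secret, now)
    accepted = verify_totp(secret, code, now)
    print("code", code, "accepted for step", accepted)
    # Presenting the same code again is refused once last_counter has been recorded.
    print("replay accepted?", verify_totp(secret, code, now, last_counter=accepted))
```

The server must persist `last_counter` per user between logins for the replay check to be effective, and the drift window should stay small (one step either side) so that a leaked code has the shortest possible useful life.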

Figure: The percentage of IT and ICS security practitioners who map their security practices to NIST's Cybersecurity Framework (value not shown)

Source: SANS Institute, "Securing Industrial Control Systems 2017," June 2017

Other Tools to Protect Control Systems

Firewalls segment networks of differing security levels from each other, carefully restricting the traffic that may flow between networks. They are commonly found separating internal networks from the internet, but they can also be used internally to segment sensitive networks from general-purpose networks. Many energy and utility companies use firewalls to separate their SCADA networks from their general productivity networks. 

When technology professionals use firewalls to separate SCADA networks, they must also provide authorized users with the ability to access those networks remotely. Virtual private networks (VPNs) provide an ideal solution for this requirement. Authorized users employ a VPN client to create a secure, encrypted connection to the SCADA network, where they may then access infrastructure systems. VPN access is typically restricted using multifactor authentication technology.
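The two preceding paragraphs describe one design: the firewall allows nothing into the SCADA zone except what authenticated VPN clients need, so the general productivity network has no direct path to control systems. The following is an added example, not code from the original white paper or from any firewall vendor, that models such a zone policy in Python, evaluates individual flows against it (first match wins, default deny) and audits the rule set for the classic mistake of a convenience rule that lets the corporate network straight in. The zone address ranges, the allowed ports and the rule syntax are all assumptions for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed zone layout; these ranges are examples, not any real network.
ZONES = {
    "corporate": ip_network("10.10.0.0/16"),  # general productivity network
    "vpn": ip_network("10.20.0.0/24"),        # addresses issued to authenticated VPN clients
    "scada": ip_network("10.30.0.0/24"),      # control system network
}


@dataclass(frozen=True)
class Rule:
    src: str             # zone name or "any"
    dst: str             # zone name or "any"
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # destination port; None means any port
    action: str          # "allow" or "deny"

    def matches(self, src_zone: str, dst_zone: str, proto: str, port: int) -> bool:
        return (self.src in ("any", src_zone)
                and self.dst in ("any", dst_zone)
                and self.proto in ("any", proto)
                and self.port in (None, port))


def zone_of(ip: str) -> Optional[str]:
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def evaluate(policy: List[Rule], src_ip: str, dst_ip: str, proto: str, port: int) -> str:
    """First matching rule wins; unmatched flows and unknown zones are denied."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone is None or dst_zone is None:
        return "deny"
    for rule in policy:
        if rule.matches(src_zone, dst_zone, proto, port):
            return rule.action
    return "deny"


def audit(policy: List[Rule]) -> List[str]:
    """Flag allow rules that undermine the segmentation the firewall exists to enforce."""
    findings = []
    for i, r in enumerate(policy):
        if r.action != "allow" or r.dst not in ("scada", "any"):
            continue
        if r.src in ("corporate", "any"):
            findings.append(f"rule {i}: {r.src} may reach scada directly, bypassing the VPN and its MFA")
        if r.port is None:
            findings.append(f"rule {i}: allows every port from {r.src} into scada")
    return findings


# Intended policy: only VPN clients, only the two services engineers need (ports assumed).
POLICY = [
    Rule("vpn", "scada", "tcp", 502, "allow"),   # Modbus/TCP to controllers
    Rule("vpn", "scada", "tcp", 443, "allow"),   # HMI web interface
    Rule("any", "scada", "any", None, "deny"),   # explicit catch-all into the control zone
]

# Weak variant: a "temporary" convenience rule that was never removed.
WEAK_POLICY = [Rule("corporate", "scada", "any", None, "allow")] + POLICY

if __name__ == "__main__":
    print(evaluate(POLICY, "10.20.0.5", "10.30.0.10", "tcp", 502))   # allow
    print(evaluate(POLICY, "10.10.4.2", "10.30.0.10", "tcp", 502))   # deny
    for finding in audit(WEAK_POLICY):
        print("audit:", finding)
```

Running `audit` against exported rule sets on a schedule turns the segmentation described above into something that is verified rather than assumed, which matters because firewall policies on long-lived control networks accumulate exceptions over years.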

Both SCADA systems and the workstations that engineers use to access those systems must have carefully monitored configurations. Patch and configuration management solutions allow cybersecurity professionals to ensure that all of the devices on SCADA/ICS networks are configured according to the organization’s security standards and are up to date on their patches.

If users access SCADA systems using smartphones, tablets or other mobile devices, those devices often require specialized configuration management solutions. Mobile device management (MDM) or enterprise mobility management (EMM) solutions provide administrators with the ability to manage configurations, security patches, applications and other settings on mobile devices. They also provide the ability to remotely lock or wipe devices reported as lost or stolen.
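Patch, configuration and mobile device management tools all reduce to the same check: compare what each device reports against the organisation's baseline and surface every deviation. The following is an added example, not code from the original white paper or from any MDM or patch management product, that does this for an engineering workstation class and a mobile class in Python. The baseline values, setting names and the inventory records are constructed for illustration; note that a device that fails to report a version or setting is treated as non-compliant rather than silently passed.

```python
from typing import Dict, List, Tuple


def parse_version(version: str) -> Tuple[int, ...]:
    """'10.0.19045' -> (10, 0, 19045); raises ValueError on anything non-numeric."""
    return tuple(int(part) for part in version.split("."))


# Constructed baseline for two device classes (names and values are assumptions).
BASELINE = {
    "engineering_workstation": {
        "min_versions": {"os_build": "10.0.19045", "av_signatures": "2024.03.04"},
        "settings": {"av_running": True, "usb_storage_enabled": False, "users_are_local_admin": False},
    },
    "mobile": {
        "min_versions": {"os": "17.3"},
        "settings": {"mdm_enrolled": True, "screen_lock": True, "storage_encrypted": True, "jailbroken": False},
    },
}


def check_device(device: Dict) -> List[str]:
    """Return every way a device's reported state deviates from its class baseline."""
    findings = []
    policy = BASELINE.get(device.get("class"))
    if policy is None:
        return [f"unknown device class {device.get('class')!r}"]
    for component, minimum in policy["min_versions"].items():
        actual = device.get("versions", {}).get(component)
        if actual is None:
            findings.append(f"{component}: version not reported")  # unknown is non-compliant
            continue
        try:
            if parse_version(actual) < parse_version(minimum):
                findings.append(f"{component}: {actual} is below required {minimum}")
        except ValueError:
            findings.append(f"{component}: unparseable version {actual!r}")
    for setting, required in policy["settings"].items():
        actual = device.get("settings", {}).get(setting)
        if actual is None:
            findings.append(f"{setting}: not reported")
        elif actual != required:
            findings.append(f"{setting}: is {actual}, baseline requires {required}")
    return findings


def compliance_report(inventory: List[Dict]) -> Dict[str, List[str]]:
    """Map each device id to its list of findings (empty list = compliant)."""
    return {device["id"]: check_device(device) for device in inventory}


# Constructed inventory, as an endpoint agent or MDM connector might report it.
INVENTORY = [
    {"id": "ews-01", "class": "engineering_workstation",
     "versions": {"os_build": "10.0.19045", "av_signatures": "2024.03.05"},
     "settings": {"av_running": True, "usb_storage_enabled": False, "users_are_local_admin": False}},
    {"id": "ews-02", "class": "engineering_workstation",
     "versions": {"os_build": "10.0.19044", "av_signatures": "2024.02.20"},
     "settings": {"av_running": True, "usb_storage_enabled": True, "users_are_local_admin": False}},
    {"id": "mob-01", "class": "mobile",
     "versions": {"os": "17.3"},
     "settings": {"mdm_enrolled": False, "screen_lock": True, "storage_encrypted": True, "jailbroken": True}},
    {"id": "mob-02", "class": "mobile",
     "versions": {},
     "settings": {"mdm_enrolled": True, "screen_lock": True, "storage_encrypted": True, "jailbroken": False}},
]

if __name__ == "__main__":
    for device_id, findings in compliance_report(INVENTORY).items():
        print(device_id, "compliant" if not findings else findings)
```

In practice the report feeds a ticket or an automated action: a workstation behind on signatures gets a forced update, and an unenrolled or jailbroken phone loses its VPN access until it is brought back into management.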

Anti-virus software is standard on almost every enterprise system, from laptops to servers, and this should also be true in an organization’s SCADA environment. Devices capable of running anti-malware software should have it installed and actively running at all times and be configured to receive automatic signature updates on a daily, if not more frequent, basis. 

Finally, organizations should be prepared for the eventuality that they may experience a security incident on their SCADA/ICS networks. Security information and event management (SIEM) solutions act as a collection and correlation point for log and event information from all of the different cybersecurity technologies deployed in an organization. Security professionals use SIEM as a centralized monitoring dashboard and the jumping-off point for security incident investigations.
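The value of a SIEM comes from correlating records that each look harmless on their own. The following is an added example, not code from the original white paper or from any SIEM product, that parses two constructed feeds (VPN authentication records and firewall deny records, in an assumed syslog-like format) and applies two correlation rules an analyst in an energy company would want: a VPN login that succeeds shortly after repeated failures for the same user and source, and a single host being denied to several distinct SCADA-zone addresses in a short window. The log format, thresholds, zone range and sample events are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Dict, List

SCADA_ZONE = ip_network("10.30.0.0/24")  # constructed control-network range

# Constructed sample events (not real logs): VPN concentrator authentication
# records and firewall deny records, as a SIEM would receive them over syslog.
SAMPLE_LOGS = """\
2024-03-05T08:00:01Z vpn01 auth: user=jsmith src=203.0.113.7 result=FAIL
2024-03-05T08:00:09Z vpn01 auth: user=jsmith src=203.0.113.7 result=FAIL
2024-03-05T08:00:20Z vpn01 auth: user=jsmith src=203.0.113.7 result=FAIL
2024-03-05T08:00:31Z vpn01 auth: user=jsmith src=203.0.113.7 result=FAIL
2024-03-05T08:00:44Z vpn01 auth: user=jsmith src=203.0.113.7 result=OK
2024-03-05T08:03:10Z vpn01 auth: user=mlee src=198.51.100.4 result=OK
2024-03-05T08:05:13Z fw01 DENY src=10.10.4.2 dst=10.30.0.10 proto=tcp dport=502
2024-03-05T08:05:14Z fw01 DENY src=10.10.4.2 dst=10.30.0.11 proto=tcp dport=502
2024-03-05T08:05:15Z fw01 DENY src=10.10.4.2 dst=10.30.0.12 proto=tcp dport=502
2024-03-05T09:30:00Z vpn01 auth: user=mlee src=198.51.100.4 result=FAIL
"""

VPN_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) auth: user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$")
FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) DENY src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+) dport=(?P<dport>\d+)$")


def parse_events(text: str) -> List[Dict]:
    """Normalise both feeds into dicts with a parsed timestamp; unknown lines are skipped."""
    events = []
    for line in text.splitlines():
        for kind, pattern in (("vpn", VPN_RE), ("fw", FW_RE)):
            m = pattern.match(line)
            if m:
                e = m.groupdict()
                e["kind"] = kind
                e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
                events.append(e)
                break
    return events


def correlate(events: List[Dict], fail_threshold: int = 3, auth_window: timedelta = timedelta(minutes=10),
              scan_threshold: int = 3, scan_window: timedelta = timedelta(minutes=5)) -> List[Dict]:
    alerts = []
    # Rule 1: success after repeated failures for the same (user, source) inside auth_window.
    failures = defaultdict(list)  # (user, src) -> timestamps of failed attempts
    for e in sorted((x for x in events if x["kind"] == "vpn"), key=lambda x: x["ts"]):
        key = (e["user"], e["src"])
        if e["result"] == "FAIL":
            failures[key].append(e["ts"])
        elif e["result"] == "OK":
            recent = [t for t in failures[key] if e["ts"] - t <= auth_window]
            if len(recent) >= fail_threshold:
                alerts.append({"rule": "vpn_success_after_failures", "user": e["user"],
                               "src": e["src"], "failures": len(recent), "ts": e["ts"]})
            failures[key].clear()
    # Rule 2: one source denied to several distinct SCADA-zone hosts inside scan_window.
    denies = defaultdict(list)  # src -> firewall deny events aimed at the SCADA zone
    for e in events:
        if e["kind"] == "fw" and ip_address(e["dst"]) in SCADA_ZONE:
            denies[e["src"]].append(e)
    for src, evs in denies.items():
        evs.sort(key=lambda x: x["ts"])
        for i, first in enumerate(evs):
            targets = {x["dst"] for x in evs[i:] if x["ts"] - first["ts"] <= scan_window}
            if len(targets) >= scan_threshold:
                alerts.append({"rule": "scada_zone_probe", "src": src,
                               "targets": len(targets), "ts": first["ts"]})
                break  # one alert per source is enough for the queue
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse_events(SAMPLE_LOGS)):
        print(alert)
```

Each alert carries the fields an investigator needs to pivot (user, source address, count, first timestamp), which is what makes the SIEM the jumping-off point the paragraph above describes rather than just another log store.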

A wide variety of security technologies are available to energy and utility firms. As organizations design their SCADA security programs, they may wish to begin with industry standard frameworks, such as those available from NIST. These frameworks offer guidance to help energy and utility companies select the security technologies that best meet their needs.

Learn how energy and utility companies can address the growing threats they face by reading the white paper, "Securing SCADA Networks."