The North American Electric Reliability Corporation (NERC) develops and enforces reliability standards for the bulk power system across North America (the United States, Canada and the northern portion of Baja California, Mexico), including the Critical Infrastructure Protection (CIP) cyber security standards. Operators in this region serve well over 300 million consumers, and the systems that deliver that power must remain secure at all times. NERC's primary function is to work with those operators so that power is delivered reliably and efficiently, and to correct reliability problems as they arise.

What is going on out there?

In a recent interview, Eugene Kaspersky, head of the globally renowned Kaspersky Lab, described the vulnerabilities lying dormant in the systems of critical infrastructure facilities. He also noted how poorly prepared these facilities are to respond to cyber attacks, and the increasing sophistication of state-sponsored attacks against critical infrastructure targets. It is imperative, Kaspersky says, that these organizations be able to detect and respond quickly in order to limit the damage attackers can do. [2]

Acting on these suggestions will become increasingly important as black hat operatives focus their efforts on the energy grid with malware such as BlackEnergy. In fact, according to ICS-CERT, the energy sector accounted for more reported incidents in 2013 than any of the other 16 critical infrastructure sectors it monitors: more than half of the 257 incidents ICS-CERT responded to that year were in the energy sector. [3]

Vulnerabilities and Exploitation

From an attacker's perspective, information security breaches yield not only financial gain but also the disruption of major industries and services worldwide, with the potential for widespread economic damage. Public utilities such as power grids are just one example of key targets [1].

Many utility companies have not invested heavily in infrastructure security, nor paid enough attention to updating outdated or legacy technology. This is a major problem: it invites attacks on legacy systems as well as on supervisory control and data acquisition (SCADA) technology and human-machine interfaces (HMI). US energy plants are now under near-constant threat from campaigns such as Dragonfly (also known as Energetic Bear), which was publicly disclosed in summer 2014 and reportedly began in 2011 [4].

How you can get secure and stay secure

So how can your organization prepare itself against the nefarious behavior of nation-states or rogues for hire? NERC's CIP standards require configuration change monitoring for the cyber systems of energy production facilities, a requirement that a file integrity monitoring (FIM) solution meets by comparing the current state of files and configurations against a known-good baseline and flagging every deviation. How are you detecting dangerous changes and malware injections today?

One excellent solution is change detection software such as CimTrak, which monitors IT systems to ensure file and configuration integrity. Enable email alerts so your IT team is notified the moment an unwanted change occurs, and use detailed monitoring policies to remediate those changes in real time.
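To make concrete what a baseline-and-compare check actually does, here is an added example written for this page; it is not CimTrak's code and not NERC's guidance. It fingerprints a small constructed "configuration" tree (content hash, size and permission bits per file), seals the baseline with an HMAC so that tampering with the stored baseline is itself detectable, and then simulates four kinds of unauthorized change: a content edit, a permission-only change, a new file and a deletion. The directory layout, file contents and the HMAC key are all constructed for the demo.

```python
"""Minimal file integrity monitoring (FIM) baseline-and-compare.
Hypothetical example code for illustration only, not a product implementation."""
import hashlib
import hmac
import json
import os
import stat
import tempfile


def _fingerprint(path: str) -> dict:
    """Record the attributes we care about for one regular file.
    The content hash catches edits, the mode catches permission changes
    (e.g. a config file made world-writable), the size is a cheap sanity check."""
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "size": st.st_size,
            "mode": oct(stat.S_IMODE(st.st_mode))}


def build_baseline(root: str) -> dict:
    """Walk `root` and fingerprint every regular file, keyed by relative path."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are out of scope for this demo
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = _fingerprint(full)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify every difference between two snapshots."""
    added = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p] != current[p])
    return {"added": added, "deleted": deleted, "modified": modified}


def seal_baseline(baseline: dict, key: bytes) -> str:
    """Serialize the baseline with an HMAC. An attacker who can rewrite a config
    file can usually rewrite an unprotected baseline too; the key must be kept
    somewhere the monitored host cannot write (e.g. the monitoring server)."""
    body = json.dumps(baseline, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"baseline": body, "hmac": tag})


def load_baseline(sealed: str, key: bytes) -> dict:
    """Verify the HMAC before trusting a stored baseline; raise on mismatch."""
    env = json.loads(sealed)
    expected = hmac.new(key, env["baseline"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, env["hmac"]):
        raise ValueError("baseline HMAC mismatch: stored baseline was altered")
    return json.loads(env["baseline"])


def demo() -> dict:
    """Constructed scenario: baseline a tiny config tree, then simulate
    an edit, a permission change, a new file and a deletion."""
    key = b"demo-key-keep-off-host"  # placeholder secret for the demo only
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        os.makedirs(os.path.join(root, "bin"))
        files = {  # constructed sample files
            "etc/scada.conf": "poll_interval=5\n",
            "etc/hmi.ini": "[display]\nreadonly=1\n",
            "bin/ctl": "#!/bin/sh\necho ok\n",
        }
        for rel, text in files.items():
            with open(os.path.join(root, rel), "w") as f:
                f.write(text)
        os.chmod(os.path.join(root, "etc", "hmi.ini"), 0o640)

        sealed = seal_baseline(build_baseline(root), key)

        # Simulated unauthorized changes after the baseline was taken
        with open(os.path.join(root, "etc", "scada.conf"), "a") as f:
            f.write("poll_interval=0\n")                       # content edit
        os.chmod(os.path.join(root, "etc", "hmi.ini"), 0o666)  # permission-only change
        with open(os.path.join(root, "bin", "backdoor"), "w") as f:
            f.write("x")                                       # new file
        os.remove(os.path.join(root, "bin", "ctl"))            # deletion

        return compare(load_baseline(sealed, key), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two points of the design matter in practice. A permission-only change shows up as "modified" even though the content hash is unchanged, because the mode is part of the fingerprint; a hash-only monitor would miss it. And the baseline is only as trustworthy as its storage: the HMAC check means an attacker who rewrites both the config file and the local baseline still trips the alert, provided the key lives off the monitored host. Scheduling, exclusions and alert delivery are left to a real product.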

Find out why numerous utilities rely on CimTrak to protect their critical infrastructure by reaching out to us for more information or to request a demo.


References:

[1] https://www.nerc.com/pa/Stand/Prjct201404PhsclScrty/Comment%20Report_2014-04_Physical_Security_03312014_CommentsReceived.pdf

[2] https://www.csoonline.com/article/2895096/kaspersky-a-very-bad-incident-awaits-critical-infrastructure.html

[3] http://www.afcea.org/content/?q=critical-infrastructure-cyberterrorism%E2%80%99s-next-likely-target

[4] https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks

Post by Jacqueline von Ogden
April 8, 2015
Since 1999, Jacqueline has written for corporate communications, MarCom agencies, higher education, and worked within the pharmacy, steel and retail industries. Since joining the tech industry, she has found her "home".

About Cimcor

Cimcor’s File Integrity Monitoring solution, CimTrak, helps enterprise IT and security teams secure critical assets and simplify compliance. Easily identify, prohibit, and remediate unknown or unauthorized changes in real time.