
Taming the Big 4 – 4 ICT Challenges Facing Power Distributors - Part 2

Posted by Marco Berger on 26 Jun 2017

In the second of our ‘Taming the Big Four’ blog series, which looks at four key challenges facing power distributors, Marco Berger, ECI’s Head of Critical Infrastructure Solutions, unlocks the door on security.

Challenge #2: Security: How Secure Does Secure Have to Be?

Let’s be honest, cyber security, or rather the lack of it, has damaged a fair few corporate reputations. We can each probably think of one or two major breaches in the last few years that have caught the power utilities industry napping. Breaches that, with even a slight shift in thinking or approach, most likely could have been prevented.

Sadly, I have no doubt we’ll see more frequent and sophisticated cyber-attacks in the critical infrastructure sector in the coming years. That’s state sponsored cyber warfare for you – the new weapon of mass destruction.


Two home truths

Before we delve any further into the whys and wherefores of cyber security, I think it’s worth being absolutely honest with you about two things. First, no organization, no network, and no system can be 100% secure. If any so-called ‘experts’ tell you otherwise, bring the conversation to a close quickly and politely show them the door. Second, you need to embrace the idea that there is no let up. For critical infrastructures, cyber security is a never-ending war waged on the battlefield of measure and countermeasure – with no interval, no half-time drinks, and no ‘off’ button.

Now we’ve exploded those two truth bombs, let’s explore why it is that power distributors are more vulnerable to cyber attacks than ever. Understanding the ‘why’ not only helps to put the challenge in context, it also highlights the ‘what’. In other words, the key areas power distributors will need to address to beef up security.

Today, utilities are more vulnerable because there are many more points of entry to the system than ever before. This is largely down to:

1) Distribution – we’ve had a major shift towards more distributed energy resources in the last 10 years. Instead of the uni-directional grid, where power came from a few big generation plants along one highway, we now have an ‘energy cloud’ fed by numerous and various generators (wind, solar, tidal, nuclear, coal and gas). This has created many more points of entry into the grid, and with it, many more points of vulnerability.

2) Smart metering – the business model for utilities companies has changed. In efforts to be more efficient and take the guesswork out of bills, and to offset people generating their own electricity, power distributors are moving to a pay-as-you-use model. This means installing smart meters in homes, buildings and businesses. And each smart meter is another potential entry point a hacker could exploit.

3) Mobility – our cars are no longer disconnected from the world. In-car Internet is a growing trend, as is Wi-Fi and wireless connectivity. And to recharge, electric vehicles need to communicate with the power grid, again creating another point of entry and another potential vulnerability.

Add all these together, and the number of entry points rises rapidly, which in turn is making it more challenging for any utility company to address security properly – at least in the short-term.

 

The human factor

Look at the statistics and they reveal that 70-80% of breaches are user violations. Whether it’s a disgruntled employee or via theft of user permissions, this is one door every organization is vulnerable to. And it’s fairly easy, with the help of someone on the inside, to breach a network, infect a database or workstation, or pull the plug on the grid.

Also, hackers often rely on an organization’s willingness to put its reputation before anything else. As such, few will admit to a breach publicly, particularly in the critical infrastructure sector. Of course, in the US, companies are obliged by law to report any cyber breaches to the National Counterintelligence Executive (NCIX), and the EU is on the road to adopting similar laws.

So what can you do about it?

Having a company-wide approach to cyber security is paramount. That means making security everyone’s responsibility with a top-down and bottom-up approach. In fact, cyber security is as much about instilling awareness and good habits in your people as it is about implementing security solutions.

One thing you shouldn’t do is stop any plans you have to modernize your IT and OT infrastructure. Like it or not, IT/OT convergence is happening in critical infrastructures because it makes financial sense to invest in one single platform. Yes, the convergence may increase the risk over yesterday’s segregated systems, but the good news is that today we have the tools to secure your mission-critical applications. And as ever, the most vulnerable points remain the end points – router ports, workstations, integrated access devices (IADs) – because they are unsecured.

And when it comes to protecting your OT, we believe you can use your communications layer, the backbone all your services and applications run along, to your advantage to improve your security. This layer of the network is often the most vulnerable as it connects the organization to the outside world. More worryingly, it’s also the layer least focused on by most cyber security solutions providers – yet unsurprisingly, the layer most used by cyber criminals.  

That’s why a good solution protects you against three types of cyber threat 24/7/365:

  1. Attacks originating from IT aimed at the OT. So a hacker trying to penetrate the operations technology via a router or workstation.
  2. Attacks originating in the OT. So viruses or malware injected into the operational networks that affect SCADA, telemetry or an IAD, for example.
  3. Man in the middle scenario. A hacker taps into your fiber network, microwave radio or copper lines. At best, to listen to your comms. At worst, to steal info from your network or devices, or users.

4 steps to choosing a cyber solution

Finding the right solution is essential to the future health of your business (and your customers). There are a lot of vendors out there selling miracle cures, and there’s a lot to lose if you get it wrong. So make ‘analysis’ and ‘research’ your best friends early on in the selection process.

  1. Analyze your threats – first get your internal cyber experts to do a risk analysis, then get an external audit. The general rule of thumb is that the deeper you dig, the more vulnerabilities you’ll find, so you’ll need to decide when to stop.
  2. Prioritize – what are the most vulnerable points in your systems and what are the most urgent to address? Everything is important, but based on your risk analysis, prioritize the steps you need to take to strengthen security in the areas most at risk. Remember to secure your mission-critical operational systems first, because you and your customers need these systems to work 24/7.
  3. Survey the market – define the phases of implementation and go through the RFP process. Just remember no solution is 100% secure. It’s a matter of measure and countermeasure, and you’ll need to constantly update your security for evermore.
  4. Buy only what you need – with all the solutions on the market it’s easy to get lost. Everyone is trying to sell you “the only security solutions you’ll ever need”, but in the end it’s neither economical nor feasible to buy everything. See points 1 and 2.

One point I haven’t mentioned so far is how physical and cyber security are really two sides of the same coin. While many companies focus on one or the other, look for companies developing an approach that takes into account every dimension of security. In other words, one that combines both physical and cyber security to create a comprehensive, holistic and joined-up response.

I hope to be able to share more on that in future. Meanwhile, to learn about ECI’s MUSE cyber security solutions for Critical Industries, visit us here.



Topics: Cyber Security, Critical Infrastructures, Utility

Marco Berger

Marco is Head of Utilities and Critical Infrastructures Vertical Solutions at ECI. As such Marco is in charge of developing opportunities, solutions, sales tools and collateral for the variety of customers in his vertical.
