At the Fortinet Operations Technology (OT) Energy Symposium 2021, Dragos CEO Robert M. Lee opened the virtual event with a keynote presentation that offered an overview of cybersecurity threats targeting the electric power sector.
Rob also shared his perspective on the Biden Administration’s 100-day action plan focused on improving OT cybersecurity and offered recommendations for industrial control systems (ICS) / OT asset owners and operators on how to improve threat detection and response.
Below we provide some highlights from Rob’s keynote discussion. To listen to the keynote presentation in its entirety, including ransomware case studies and activity breakdowns, you can watch the recorded session here.
Cyber Threats Targeting Electric Power Utilities
Energy systems are changing in significant ways due to new demands on the energy portfolio and an increased need for online connectivity. Because of this, many threat groups have been actively targeting electric power and industrial control systems.
Because the number of cybersecurity threats to the electric power grid has increased significantly, energy organizations must be at the top of their game to prevent or mitigate them. Typically, however, these existing threats won’t immediately impact energy operations or distribution. To efficiently manage the increasing threats to industrial environments, asset owners and operators must pause to assess the operational risk of each threat or vulnerability to their business.
Dragos has identified 11 activity groups specifically targeting electric utilities and documented the known threat behaviors. For a better understanding of current cyber risks to electric utilities actively being tracked by Dragos, see Dragos Threat Activity Groups.
Success of Biden Administration’s 100-Day Action Plan
Because of increasing cyber activity targeting and successfully compromising U.S. energy organizations, the Biden Administration announced a 100-day action plan that challenged the electric sector to improve visibility, threat detection, and incident response in their OT environments and to move beyond just prevention-based standards and frameworks in their cyber defense.
CEOs at large energy organizations worked together to determine how to implement the plan’s objectives and then choose the technology and services to enable them to do that. The Dragos Platform and Dragos Neighborhood Keeper were identified as the solutions needed to improve OT asset visibility and share anonymous threat monitoring data with the broader ICS cybersecurity community.
At the end of the 100-day program in August 2021, at least 150 electric utilities serving almost 90 million U.S. electric customers had adopted or committed to adopting technologies to improve and show progress in their OT cybersecurity programs.
3 Ways to Improve Cybersecurity and Incident Response
Industrial asset owners and operators should initially focus on 3 things to improve the security of their OT environments today:
1 | Implement access restrictions and account management, such as multi-factor authentication for remote access – where you are able.
2 | Separate Active Directory and domain controllers – where you are able. Ransomware actors have been shown to use these connections to gain greater access to an organization’s systems.
3 | Establish incident response plans and regularly rehearse these plans with tabletop exercises at an executive level.
Watch Rob’s complete keynote presentation to learn more on each of these topics.