Uptime Article
November 2014 – Cyber Security
Title options:
Cyber-Insecurity
You have probably received one or more letters notifying you that some of your personal data had been hacked. Target, Home Depot, and UPS are just some of the organizations recently mailing their customers. The worst-case result of these cybercrimes wasthat victims lost money. For utilities and industrial organizations, the worst-casescenario can be much more severe.
In the case of utilities, many believe their compliance with NERC Critical Infrastructure Protection (CIP) Cyber Security Standards provides a sturdy, first line of defense. Actually, they don’t. The CIP standards are meant only to force everyone up to a basic, but relatively weak, security level.
“Many organizationstraditionally focusedtheir cybersecurity efforts on theirhigh-profile assets like primary servers and devotedlittle attention to the parts of their networks they thought were relatively unimportant or insignificant,”says Joseph Baxter, ABB’s NERC CIP lead for HVDC/FACTS. “Inreality, hackersmayexploit any element of your system and use it as a doorway to create havoc in other parts of your system.”
Utilities need to understand that cybersecurity and compliance are not the same thing. Compliance with CIP provides the foundation only for cybersecurity. Protecting yourself requires a higher level of on-going effort.
“Both utilities and industrial organizations need to understand that creating cybersecurity isn’t a one-time activity,” explains ABB product manager Patrik Boo. “Personal protection in a plant requires a variety of tools. Hardhats, glasses, earplugs and so on protect different body parts from different threats. You need the same kind of multi-dimensional approach to protect different assets from different threats. And those protective measures require on-going attention. This isn’t a set-it-and-forget-it activity.”
Every large organization is doing something to ensure their cybersecurity, but it’s a tough task.
“You can’t bolt it on or buy a single product to suddenly achieve security,” Baxter says.“It’s a complex and expensive undertaking. For every organization, it’s essential to create this protection; and for utilities, it’s mandated by law.”
The much-publicized recent security breaches clearly show that no matter how much you are doing to protect your online assets it probably isn’t enough. Look again at your data security measures and consider what can be done to strengthen your defenses.