Three key challenges facing the utilities sector

Fortinet Australia Pty Ltd
Wednesday, 18 August, 2021


Three key challenges facing the utilities sector

The utilities sector is one of the most essential critical infrastructure industries. Power generation, distribution and supply, water supply and treatment, and natural gas are essential services for the smooth running of society. During a blackout or when the water is turned off, people can’t go about their daily lives as normal. When these outages last for longer than a few hours, people find themselves unable to perform basic life functions like eating, drinking, and washing. This can quickly lead to widespread panic and, in the event of prolonged outages, can even cause civil unrest and antisocial behaviours such as looting.

A successful cyberattack on a utilities provider is likely to cause widespread disruption, making these critical infrastructure operators a prime target for cybercrime. Cyberattackers can use connected devices and control systems to disable or sabotage the operational technology (OT) that controls the operations of these organisations. The outcomes can include sustained power outages, toxins leaching into water supplies, or even explosions and equipment malfunction leading to injuries and even death.

SCADA systems, industrial control systems (ICS) and other OT used to be protected from cyberattackers because they were air-gapped. Now, these technologies have become increasingly connected to each other and to the internet, which delivers significant business and efficiency benefits but also opens up these systems to the risk of cyberattack.

Protecting OT from online attacks is not the same as protecting corporate information technology (IT) due to the specialised and often delicate nature of OT assets. Utilities operators usually run a variety of systems with differing age, performance, function, business criticality, and upgrade cycles. Put simply, gaining visibility into the OT network can be a challenging task.

New legislation is coming into force in Australia that will require critical infrastructure operators, such as utilities, to demonstrate how they are protecting their systems and networks against cyberattacks.

When it comes to securing their critical infrastructure assets, utilities are facing three key challenges.

1. Increased complexity

ICS and SCADA systems are being connected for remote monitoring and management, while new systems and capabilities are coming online all the time. This is creating increased complexity in the OT environment, making it harder to achieve full visibility and control over all the systems and critical assets.

2. New equipment and threats

Utilities operators regularly invest in new equipment to increase safety or performance. As new equipment is added to the environment and connected to the network, it creates another potential gateway for a cyberattack unless it is secured appropriately. This trend will continue as organisations in the utilities industry continue to find new ways to provide energy and water.

For example, in the future, micro-nuclear capabilities may create efficiencies as the energy industry looks to replace coal and gas in a bid to reduce CO2 emissions. These micro-nuclear plants could potentially deliver relatively safe, clean power but could also create an environmental hazard if successfully breached by a cyberattacker.

3. Visibility and control

The long lifespan of OT and its mission-critical function makes it unviable to replace older systems before they reach end-of-life. However, protecting older systems is challenging because these systems were, in most cases, never designed to be connected to the internet. This means they weren’t designed with cybersecurity in mind, so they can’t be easily patched or protected. Moreover, the use of monitoring agents can disrupt the system’s operations, making it an impractical way to gain visibility.

Adding to these challenges, utilities are also constrained by a lack of budget and resources for cybersecurity projects as well as the shortage of specialised cybersecurity skills.

Image: ©stock.adobe.com/au/Shutter B

Related Sponsored Contents

In a digital world, why is value still hard to find?

At all levels of an industrial system there are a number of barriers that make it difficult to...

Machine learning in manufacturing process control: How ARDI enhances operational efficiency

With increasing data availability, machine learning has become a powerful tool in the...

Verifying and Validating AI in Safety-Critical Systems

In the era of AI-enabled safety-critical systems, validation and verification is becoming crucial...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd