Cybersecurity Strategies the U.S. Power Grid Should Apply

In March 2018, DHS issued Alert TA18-074A explaining that Russian government cyber activity targeted energy and other critical U.S. infrastructure sectors. The report went on to explain the tactics, techniques, and procedures (TTPs) employed by the threat actors (responsible entities). Many of the TPPs – phishing, for one – are similar to attacks employed on any organization or individual. A multifaceted approach to cybersecurity can help power utilities provide defense against similar attacks.

Train Employees to Recognize Spear Phishing

CIS previously explained what spear phishing is and why power utilities are vulnerable. A phishing email is designed to prompt a response from the recipient, such as clicking on a link or opening an attachment. Through the response, the recipient may download malware or be redirected to a website prompting them to provide sensitive information, such as login credentials, that will be sent to the cyber threat actors.

It's important to educate employees so they can recognize suspicious emails and handle them appropriately. (CIS offers phishing engagements to test and educate an organization’s workforce.) The IT department should also use filtering, blocking, and validation techniques to prevent emails with known phishing indicators from reaching employees in the first place.

Limit Password Reuse to Prevent Credential Gathering

How many people really follow the advice of creating a separate password for each individual login? With dozens of accounts per person, it’s likely that passwords are being reused. And while it may not seem like a big deal that your department store account was hacked, cyber threat actors compile that information and use it to break into other – more important – accounts.

Credential reuse can result in data breaches, system compromises, loss of brand reputation, as well as financial losses. Some cyber threat actors target login credentials instead of vulnerabilities because it is easier to exploit credentials and gain access to resources through elevated credentials. Credentials with elevated permissions expose organizations to greater risk, allowing for the installation of software or reconfiguration of security controls. If a cyber threat actor is able to use elevated credentials, they can access additional hosts, install malware, steal data, and/or disable or modify security controls.

Organizations should identify unauthorized logins and unusual IP addresses, use two-factor authentication, remind employees not to use work email addresses for personal activities, and take other steps to prevent credential gathering.

Monitor for Network Reconnaissance

Testing a computer network for potential vulnerabilities is known as network reconnaissance. This may be a legitimate activity by the network owner but it can also be a precursor to malicious attacks. The intruder can learn from the attack to gather information about the network’s vulnerabilities.

A network monitoring solution can be used to accurately identify and report malicious activity. An intrusion detection system (IDS) monitors raw network packets and converts data into a netflow format for efficient storage and analysis.

CIS offers 24x7 network monitoring in a U.S.-based security operations center (SOC). Called Albert, it is a unique network monitoring solution that provi

des automated alertson both traditional and advanced network threats, allowing organizations to respond quickly when their data may be at risk. SOC analysts provide event notification when a legitimate alert is detected.

Learn About Albert, CIS’ Network Monitoring Solution

9 Security Resolutions for 2019

Ensuring continuity is essential for power and utility services. Security experts in this industry must…

Read More

How to Build a Cybersecurity Compliance Plan

Cybersecurity compliance can seem overwhelming at first. There is a multitude of standards, tools, and…

Read More

3 Steps to Infrastructure Security and Resiliency

November is Critical Infrastructure Security and Resilience Month. In this blog post, we’ll look into…

Read More
View All
Sign-up for
POWER Magazine's
Monthly e-Newsletter!
Email is required