Solutions to foil cyberattacks on utility companies
Recent cyberattacks that target critical infrastructure (CI) are cause for alarm, particularly as such malicious acts are becoming increasingly dangerous. An EU initiative has introduced a methodology and tools to shield gas, water and electricity companies. There is strong evidence to suggest that harmonising risk and vulnerability assessment methods can greatly enhance existing methodological security and prevention frameworks aimed at minimising cyber risk in the water, gas and energy sectors.
What is more, research fails to recognise the importance of the relationship between industrial process misbehaviour (IPB) and communication and software-related threats (CATh) methods. Combined, the two techniques can have an impact in fighting off growing cyber threats.
IPB takes place when an attacker gains user access rights and performs actions that look legitimate but are intended to disrupt industrial processes. In CATh, an attacker hits computers, networks, sensors, programmable logic controllers (PLCs) or radio signals in order to trigger failures in the supervisory control and data acquisition (SCADA) system.
This is accomplished by leveraging software vulnerabilities. To date, researchers have addressed these two complementary techniques separately, without drawing any parallels.
‘The innovation proposed was to combine both techniques in improving prevention and detection capabilities against cyberattacks where hardware and software system networks are used alongside cyber networks,’ says Dr Giorgio Sinibaldi, Project Coordinator for the EU-funded project PREEMPTIVE (Preventive methodology and tools to protect utilities).
‘Applying this innovative approach to utility facilities that rely heavily on industrial networks and automated control systems should dramatically reduce network vulnerability.’
Overall, the project addressed the prevention of cyberattacks against hardware and software systems such as SCADA, PLC and networked electronic sensing. It also focused on monitoring and diagnostic systems that are used to support the critical services of utility networks.
PREEMPTIVE designed and developed a suite of prevention and detection tools to boost security for SCADA utility networks based on this dual approach that takes into account both IPB and CATh. ‘The biggest strength of the project is the simultaneous analysis of the industrial processes in the physical domain and the cyber assets in the cyber domain,’ explains Dr Sinibaldi.
One set of tools detects anomalous and malicious activities against critical systems. The other detects abnormal behaviour at the industrial process level. Guidelines have been produced to assist with the identified legal and ethical requirements of the tools and their implementation.
The PREEMPTIVE team created a methodology framework to improve current risk and vulnerability assessment methods, standards, policies, procedures and guidelines for securing utility networks from cyberattacks.
They also delivered a report on the components, communication protocols and information assets of industrial control systems used by electricity, gas and water utilities. Project partners successfully validated the software tools at an energy company’s laboratory and the framework at a gas utility.
Thanks to PREEMPTIVE, ‘future attacks on utility companies and related industries should be minimised,’ concludes Dr Sinibaldi. ‘This is a new approach with solutions for CI which has different problems compared to “classic” ICT systems.’
The methods and tools should fill the existing gaps among security policies, practices and technologies. Operators managing CI assets and legal and regulatory organisations will have a better overall understanding of the challenges, problems and opportunities involved in CI environments.