Electricity/Energy Cybersecurity: Trends & Survey Response
Trend Micro conducted a study on the state of industrial cybersecurity in the oil and gas, manufacturing, and electricity/energy industries in 2022. Based on the results of a survey of over 900 ICS business and security leaders in the United States, Germany, and Japan, we will discuss the characteristics of each industry, the motivations and environmental factors that will drive future cybersecurity improvements. We will also introduce Trend Micro's proposals based on the industry's current state, focusing on manufacturing & production.
Here is for the oil and gas industry.
Here is for the manufacturing
The environment surrounding the electric power industry has changed significantly over the past 10 years, and especially since the adoption of the SDGs to aim for sustainable energy, there is a pressing need to review the supply chain and entire system of the energy industry on a national scale.
A stable supply of electricity supports many industries and lifestyles, including manufacturing, restaurants, transportation such as trains, and households. The impact of power supply instability and outages is more widespread than in other industries.
Due to the nature of electricity, it is not possible to store large amounts of electricity cheaply, so it is essential to match supply and demand (production). To adjust supply according to demand, we have introduced mechanisms such as DR (Demand Response) and VPP (Virtual Power Plant) and are actively utilizing ICT.
In addition, the modernization of power generation, transmission, and distribution systems (digitization, network connection, use of general-purpose software and IT, etc.) is progressing, and at the same time, cyber risks are increasing.
In the United States, ahead of other industries, the Cyber Security Capability Maturity Model (ES-C2M2) was published in 2014 and has been used as a self-assessment procedure. In addition, NERC has decided on a new standard (CIP-012-1) for the protection of communications between large-scale power system control centers, and as a result, guidelines for security measures such as new supply chain risk measures have been introduced.
In addition, in Europe, where electricity is supplied between EU member states, the increase in security threats is not a risk for a single country, but energy and other critical infrastructure operators are required to take security measures (NIS Directive). Security measures are being implemented one after another. Here, we would like to share with you some excerpts from a report conducted by Trend Micro that show trends specific to the electric power industry.
Agenda
1 Characteristics and Considerations of the Electricity/energy Industry Regarding Cyberattacks
1.1 The amount of damage caused by cyberattacks is large
1.2 Causes of system outages
1.3 Current status for security system improvement
1.4 Drivers of Security Improvements
1 Characteristics and Considerations of the Electricity/energy Industry Regarding Cyberattacks
1.1 The amount of damage caused by cyberattacks is large
The amount of damage caused by cyberattacks was $3,378K (Monetary loss due to interruption of ICS/OT system due to cyberattack in last 12 months), which is the same as Oil & Gas. This is 1.8 times the amount of the manufacturing industry. In addition, system downtime was long, and 56% of respondents answered that the outage period was 3 days or longer, exceeding the majority.
As mentioned above, electricity is cheap and cannot be stored in large quantities, and the risk of supply shortages increases if system outages are prolonged. In addition, it is difficult to stop production (production) in the middle, and even if an incident occurs, it cannot be stopped immediately. It may take several days to several months, or even years, to perform scheduled inspections. Also, considering that electricity is the infrastructure of our lives, there is a risk that it will have a greater impact on society as a whole than the amount of damage caused by the electric power industry.
1.2 Causes of system outages
The number one cause of system outages was “Exploitation of external published applications or cloud service” at 31.3%. The second was "Compromise of internet accessible device" and "Malware infection due to legitimate web browsing", both at 29.7%. Outages due to the use of removable media and phishing were the lowest compared to other industries.
Gloss