Protecting our electric grid from the growing number of cyberthreats is critical to keep society functioning. Most utility industrial control systems (ICS) were originally designed using local area networks (LAN) that weren’t connected to any Internet-facing devices. Although this didn’t guarantee complete security, it did create an “air gap” by physically separating the devices from other Internet-connected devices. Now, the demand for increased efficiency and remote monitoring capabilities has required these once isolated networks to be integrated with other Internet-facing networks. These new smart grid technologies expose these networks to a growing number of malicious actors targeting ICS for financial gain or nation-state objectives.
Additionally, utility operators in the United States and Canada must keep pace with the evolving and stringent regulatory requirements of the North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection (CIP) standards. Today, a $10 million fine was issued to an anonymous utility company, the largest public fine in NERC CIP’s history. Maintaining compliance with NERC CIP has now become even more crucial as standards become stricter and fines costlier.
Two of the most difficult challenges associated with securing utility ICS networks, and complying with NERC CIP, are maintaining an accurate, up-to-date asset inventory list and performing security monitoring of grid-edge devices. These capabilities are fundamental to help ensure the overall security, safety and reliability of the grid, and also to avoid regulatory fines. Asset inventory is something that both information technology (IT) and operational technology (OT) professionals in the utility industry can agree is not an easy task. Historically, it has been very costly, time-consuming and labor-intensive, often requiring multiple physical site visits. However, keeping an accurate asset inventory is critical because without knowing what you must secure, all future threat modeling activities, cybersecurity strategy development, and remediation activities may be incomplete or ineffective.
Fortunately, advancements in network security monitoring and protocol deep packet inspection now allow asset owners to non-intrusively obtain real-time asset inventory information from devices communicating over serial or TCP/IP based communication channels by utilizing the built-in capabilities of grid-edge devices. Not only does this added level of visibility help provide an accurate and up-to-date asset inventory, but it also continuously monitors the network to detect both cybersecurity and operational risks. Implementing a non-intrusive OT network monitoring solution, such as Forescout’s SilentDefense, can help utility asset owners maintain an accurate asset inventory list in real time and stay compliant with NERC CIP, while also protecting the grid’s edge from cyberthreats.
To learn more about how SilentDefense can help you leverage existing network infrastructure and investments to gain more efficient operations, simplified compliance, and cybersecurity benefits, visit us at booth #4049 next week during DistribuTECH and look out for our upcoming blog series on how Forescout can help you stay compliant with NERC CIP.