In early 2021, Americans living on the East Coast received a sharp lesson about the growing importance of cyber security in the energy industry. The company operating the Colonial Pipeline, the main infrastructure artery that carries about half of all liquid fuel from the Gulf Coast to the eastern United States, fell victim to a ransomware attack. At least some of its computer systems had been compromised, and, unable to be sure of the extent of the problem, the company was forced into a brutal choice: shutting down the entire pipeline.
The disruption in fuel distribution had huge consequences. Fuel prices rose immediately. The President of the United States got involved, trying to reassure panicked consumers and traders that fuel would soon be available. After five days and many millions of dollars in economic losses, the company paid a $4.4 million ransom and restored its operations.
It would be wrong to see this incident as the story of a single pipeline. Throughout the energy sector, most of the physical equipment that generates and moves fuel and electricity across the country and the world relies on digitally controlled, networked equipment. Systems designed and engineered for analog operation have been redesigned. A new wave of technology, from solar and wind to combined-cycle turbines, uses automatic control to extract every bit of efficiency from its respective energy source.
Meanwhile, the Covid-19 crisis has accelerated a distinct trend towards remote operations and more sophisticated automation. A large number of workers have moved from reading a dial at a plant to reading a screen from their couch. Powerful tools for generating power and rerouting it can now be operated by anyone who knows how to log in.
These changes are great news: the world gets more energy, fewer emissions and lower prices. But these changes also expose the kind of vulnerabilities that abruptly halted the Colonial Pipeline. The same tools that make legitimate power-sector workers more powerful become dangerous when hackers hijack them. For example, hard-to-replace equipment could be instructed to shake itself to pieces, and parts of a national grid could be kept out of commission for several months.
For many nation-states, the ability to push a button and sow chaos in the economy of a rival state is highly desirable. And the more power infrastructure is hyperconnected and digitally managed, the more targets present that opportunity. Not surprisingly, a growing portion of cyber attacks in the energy sector have shifted from targeting information technology (IT) to targeting operational technology (OT), the devices that directly control plant activity.
To stay on top of the challenge, the Chief Information Security Officer (CISO) and their Security Operations Center (SOC) need to update their approach. Defending operational technology requires different strategies than defending information technology, and a distinct knowledge base. To get started, defenders need to understand the operating state and tolerances of their assets: the same command can be legitimate or harmful depending on the context.
Even collecting the information necessary for threat monitoring and detection is a logistical and technical nightmare. Typical energy systems are made up of equipment from several manufacturers, installed and retrofitted over decades. Only the most recent layers were built with cyber security as a design constraint, and almost none of the machine languages used are consistent.
For most companies, the current state of maturity in cybersecurity leaves much to be desired. Close visibility into IT systems sits alongside large OT blind spots. Data lakes swell with carefully collected outputs that cannot be combined into a consistent, comprehensive picture of operational status. Analysts burn out from alert fatigue while manually trying to sort benign warnings from consequential events. Many companies cannot produce a comprehensive list of all digital assets legitimately connected to their network.
In other words, the ongoing energy revolution is a dream for efficiency – and a nightmare for security.
New solutions are needed to secure the energy revolution, solutions equally capable of detecting and acting on threats in both the physical and digital worlds. Security operations centers need to integrate IT and OT data flows, creating a unified threat stream. Given the scale of the data flow, automation has to play a role in applying operational knowledge to alert generation. Analysts will need broad, in-depth access to relevant information. And as threats evolve, the defenses need to grow and adapt as assets are added or retired.
This month, Siemens Energy unveiled a monitoring and detection platform aimed at addressing the key technical and capability challenges facing CISOs responsible for maintaining critical infrastructure. Siemens Energy engineers have done the necessary legwork to automate a unified threat stream, allowing their offering, Eos.ii, to act as a fusion SOC that brings the power of artificial intelligence to bear on energy infrastructure monitoring challenges.
AI-based solutions answer the dual need for adaptability and uninterrupted vigilance. Machine learning algorithms can learn the expected relationships between variables by trawling large amounts of operational data, detect patterns invisible to the human eye, and surface inconsistencies for human investigation. Since machine learning can be trained on real-world data, it can learn the unique features of each production site and be retrained iteratively to distinguish benign from consequential anomalies. Analysts can then suppress warnings from known sources of noise or tune for specific threats.
Enhancing monitoring and detection in the OT space makes it harder for attackers to hide, even when novel, zero-day attacks are deployed. In addition to examining traditional warning signals such as signature-based detection or network traffic spikes, analysts can now observe how new inputs affect real-world equipment. Cleverly disguised malware will still raise a red flag by creating operational inconsistencies. In practice, using the AI-based system, analysts found that the Eos.ii detection engine was sensitive enough to predict maintenance requirements, for example when a bearing wore out and the ratio of electricity to steam began to drift.
Crucially, both IT and OT should be covered by intrusion monitoring and detection. Analysts investigating an alert can pull user history to determine the source of an inconsistency, and then look at what else changed within the same period or by the same user. For power companies, an increase in clarity translates into dramatically reduced risk: if they can determine the likelihood of an intrusion and identify which particular system has been compromised, they gain options for a surgical response that solves the problem with minimal collateral damage, say, a single branch office and two pumping stations instead of a shut-down pipeline.
As energy systems continue their trend towards hyperconnectivity and broader digital control, one thing is clear: a given company's ability to provide reliable services will depend more and more on its ability to build and sustain strong, precise cyber defenses. AI-based monitoring and detection provides a promising start.
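The electricity-to-steam drift described above, reduced to its core: learn the expected relationship between two OT variables from a known-good window, then flag live windows whose ratio wanders beyond a z-score threshold. This is an added illustration, not Siemens Energy's Eos.ii code; the telemetry values, units (MW, t/h) and thresholds are constructed.

```python
# Added example (not Siemens Energy's Eos.ii code): learn the expected
# electricity-to-steam relationship from a baseline window of OT telemetry,
# then flag windows where the ratio drifts beyond a z-score threshold.
# All telemetry values below are constructed; units (MW, t/h) are assumed.
from statistics import mean, pstdev


def learn_baseline(samples):
    """samples: (electric_mw, steam_t_per_h) pairs from known-good operation.
    Returns the mean and population std-dev of the MW-per-steam ratio."""
    ratios = [mw / steam for mw, steam in samples]
    return mean(ratios), pstdev(ratios)


def detect_drift(baseline, samples, window=5, z_threshold=3.0):
    """Slide a window over live samples and return (last_index, window_mean, z)
    for every window whose mean ratio sits more than z_threshold sigma from the
    baseline. Drift is flagged whether the cause is a worn bearing or a tampered
    setpoint; the analyst decides which from the surrounding context."""
    mu, sigma = baseline
    ratios = [mw / steam for mw, steam in samples]
    alerts = []
    for end in range(window, len(ratios) + 1):
        w = mean(ratios[end - window:end])
        if sigma == 0:  # degenerate baseline: any change at all is a deviation
            z = 0.0 if w == mu else float("inf")
        else:
            z = (w - mu) / sigma
        if abs(z) > z_threshold:
            alerts.append((end - 1, round(w, 4), round(z, 2)))
    return alerts


# Constructed telemetry: steam held at 100 t/h, output around 30 MW.
BASELINE = [(30.0, 100.0), (30.2, 100.0), (29.8, 100.0), (30.1, 100.0),
            (29.9, 100.0), (30.3, 100.0), (29.7, 100.0), (30.0, 100.0),
            (30.1, 100.0), (29.9, 100.0)]

# Live feed: ten normal samples, then output sags while steam stays flat.
LIVE = [(30.0, 100.0), (30.1, 100.0), (29.9, 100.0), (30.0, 100.0),
        (30.2, 100.0), (29.8, 100.0), (30.0, 100.0), (29.9, 100.0),
        (30.1, 100.0), (30.0, 100.0), (29.6, 100.0), (29.3, 100.0),
        (29.0, 100.0), (28.7, 100.0), (28.4, 100.0), (28.1, 100.0)]


def run_demo():
    """Learn from BASELINE, monitor LIVE; returns the list of drift alerts."""
    return detect_drift(learn_baseline(BASELINE), LIVE)


if __name__ == "__main__":
    for idx, w, z in run_demo():
        print(f"sample {idx}: window ratio {w} is {z} sigma from baseline")
```

The first alert fires only once the windowed ratio has slipped well past the noise of the baseline, so single noisy samples do not trigger it.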
To learn more about Siemens Energy’s new AI-based monitoring and detection platform, see their recent white paper at Eos.ii.
Learn more about Siemens Energy Cyber Security.
This material was produced by Siemens Energy. It was not written by the editorial staff of MIT Technology Review.