The Utilities Technology Council (UTC) recently released a report commissioned by Fortinet titled Utility Operations Cybersecurity Study. The purpose of the study was to “gain an understanding of utilities’ current approaches and status in protecting their operational technology (OT) environments.”
The study is based on the responses to a 2021 year-end survey by the 400 members of UTC. Jointly developed by Fortinet and UTC, the survey consisted of 27 questions. The respondents ranged in size from large investor-owned utilities down to small electric distribution cooperatives.
UTC membership is made up of organizations from electric, water, and natural gas utilities of all ownership types (investor-owned, publicly-owned, and cooperatively-owned). Founded over 70 years ago, UTC uses advocacy, education, and collaboration to create “a favorable business, regulatory, and technological environment for organizations that own, manage, or provide critical utility telecommunications systems.”
One of the primary goals of this utilities trade association is to stay abreast of the latest cyberthreat trends along with the newest cybersecurity solutions to combat them. According to UTC, this latest study represents a broad range of perspectives on operational security at utilities and is divided into five areas covering these specific topics:
As with many industries, the utilities are always evolving and expanding, and, as a result, so are their cybersecurity needs. One of the current drivers is two-way network traffic between IT and OT environments. Today’s utilities allow for a significant amount of traffic to travel from IT to OT environments and back, and this is likely to increase as grids become more complex.
Consequently, best practices for utility operational security must be applied across the organization. This has led to a positive development where “cybersecurity finally has a permanent seat at the table in planning key utility business and technology initiatives.” And now, most utilities are saying that their cybersecurity teams are involved in grid modernization projects at the earliest planning stages.
The survey revealed that some cybersecurity technologies have been adopted by most utilities. The organizations typically have deployed foundational cybersecurity solutions like firewalls, intrusion detection, security incident response, and malicious input detection. And while many utilities indicated that they have not yet added a zero-trust architecture (ZTA) to their defenses, many are planning to roll out a ZTA solution soon.
The utilities’ responses to the question asking them to rank a set of cybersecurity risks show that utilities do not all prioritize the same risks. This indicates there is no one-size-fits-all cybersecurity solution for utility industrial control systems (ICS) that manage and monitor cyber-physical systems and physical processes.
Utilities tend to place strict controls on what traffic is permitted from Enterprise IT networks into an OT network. In fact, “most utilities employ overlapping approaches to isolate OT environments from IT.” DMZs and firewall rules are the most popular “isolators,” and both are used by over 80% of the respondents.
The deep analysis of the survey data reveals some recurring themes and suggests some appropriate next steps for utilities to ensure that their cybersecurity programs meet the coming challenges of more complex grids.
Learn more and read the full report: Utility Operations Cybersecurity Study.