November 12, 2024

Security Sessions | OT Remote Operations Introduce New Risks to Today's Utilities
How to Secure Critical Systems for a Hybrid Workforce

by Bill Moore, Xona

The recent pandemic radically reoriented public utilities as they empowered remote and hybrid teams to maintain operational continuity in any environment. Moving forward, it’s clear that hybrid teams composed of remote and on-site employees will become more common among utilities. While this presents unique opportunities to curb expenses while boosting certain capabilities, it also presents novel cybersecurity challenges that utilities can’t ignore.

Most importantly, according to a survey of 1,726 utility professionals, cybersecurity challenges are amplified as utilities connect OT assets to existing IT systems. In other words, engaging and operating infrastructure using OT resources empowers teams to work effectively from anywhere in the world. However, when not adequately protected, these systems create cybersecurity vulnerabilities that put people, profit and critical resources at great risk. In response, utilities need to secure their OT remote operations with solutions that combine resiliency, security and affordability.

1. Resiliency in any environment

A utility’s IT network is multifaceted, connecting billing departments, accounting professionals and human resources personnel. These data-heavy digital assets require IT and cybersecurity teams to direct their efforts accordingly, working with hyper-focused precision to secure company and customer data. Meanwhile, OT networks are composed of physical control systems, where downtime can put public safety at risk or create ripple effects through the wider economy.

Increasing automation and the proliferation of Industrial Internet of Things (IIoT) technology have created interdependencies between critical IT systems and OT networks. Failure to secure these networks effectively can have significant consequences for companies and their customers. Most recently, a cyber attack on Colonial Pipeline, an essential utility providing 45% of the East Coast’s fuel, cost the company more than $4 million and resulted in long lines and panic buying at local gas stations. Although the ransomware attack impacted the company’s IT assets, the company was forced to halt operations because of ineffective segmentation and cybersecurity controls.

To empower hybrid teams with OT operational capacity without undermining cybersecurity, utilities can develop resilience by pursuing usability and cybersecurity in tandem and without compromise.

2. OT-centered cybersecurity

Securing remote OT access requires a zero-trust framework that mitigates risk without significantly undermining usability. Critical zero-trust elements include:

  • Multi-factor authentication
  • Protocol isolation
  • Mediated secure file transfer
  • User-to-asset connection monitoring
  • Full user access logging and recording

Utilities relying on these components reduce their exposure to evolving cybersecurity incidents, ensuring better service availability and allowing utilities to operate confidently in an expansive threat landscape.

3. Affordability & effectiveness

After a pandemic year fraught with many forms of disruption and economic uncertainty, many utilities are operating with limited financial resources to devote to a hybrid work transition and the accompanying cybersecurity concerns. To compensate, some utilities are utilizing remote access tools without proper network segmentation and cyber protection. These tools also do not meet industry compliance requirements.

Fortunately, investing in a zero-trust framework doesn’t require leaders to ignore their financial reality. Rather, as a Forrester Research report notes, “IT and business leaders likely have heard myths that a zero trust architecture is too costly or complex. In reality, organizations can implement many zero trust strategies with current technology and updated policies and standards.”

At the same time, companies are bringing cybersecurity resources to market that can enhance OT operational capacity, giving utilities options when it comes to securing off-site OT access.

The recent pandemic ushered in a new era for utilities, making them more nimble, agile and better prepared for the future. This path isn’t paved without obstacles. It comes with novel cybersecurity risks that utilities can start addressing today.

Bill Moore is the CEO and founder of XONA, a provider of a unique “zero trust” user access platform especially tailored for remote Operational Technology (OT) sites. Moore is currently working with global power generation and distribution customers to reduce their remote operations costs and cyber risks. He brings more than 20 years of experience in security and the high-tech industry, including positions in sales, marketing, engineering and operations.