As part of their modernization, utilities are integrating both new and existing grid infrastructure with IoT-enabled sensor and communication technologies to collect and process large amounts of data. The growth of IoT for utilities has resulted in the development of large, complex smart grid networks composed of millions of IoT edge devices. According to ABI Research, the number of electricity, water and gas smart meter connection endpoints alone is expected to rise from 650 million in 2018 to 1.3 billion by 2023. However, as utilities have forged ahead in building out their smart grids and connecting more edge devices, many of their security strategies for these larger, more complex networks have not kept pace. According to ABI, utilities spent $14 billion on “smart” technologies such as smart meters and IoT services in 2018, almost three times as much as the $5 billion they spent on IoT security technologies, such as IT networks, systems, data, countermeasures, Industrial Control Systems and security policies and procedures.
Without additional investment and focus on smart grid security, the increase in utility IoT connections will dramatically increase utilities’ security vulnerabilities and the risk of damaging cyberattacks. However, by implementing smart grid security strategies and deploying technologies that address these vulnerabilities, utilities can significantly reduce the risk of a cyberattack and mitigate the negative impact of an attack should one occur. In doing so, they can move forward in accelerating their transformation with smart grid and other IoT applications that reduce costs, integrate renewables, increase reliability and enhance customer engagement, without fearing that these efforts will lead to cyberattacks that damage their finances or the trust placed in them by their customers.
The following best practices are crucial to minimizing the risks associated with IoT connectivity.
Becoming familiar with cybersecurity standards and adopting the right standard is paramount. This can be a complex process because there are many regulations and standards that are available to help create a more secure infrastructure. There are foundational organizations, such as the U.S. Department of Homeland Security, the U.S. Department of Energy, NIST, and the European Union Cybersecurity Agency, that identify general strategies, such as the NIST Cybersecurity Framework and the DoE Cybersecurity Capability Maturity Model. Each framework can then have a myriad of specific standards. Fortunately, the standards overlap to a significant degree, so a utility can find the one that seems to best fit their current infrastructure and requirements, but then move to another standard if their requirements change.
Centralized authentication, such as one based on Active Directory and LDAP, makes it much easier to determine and control who has access to which systems. This ensures accountability for access issues and enables IT to revoke access when it is no longer needed. As utilities scale up to tens of thousands of edge devices, this is essential for maintaining control. Another benefit of centralized authentication is the ability to create an audit trail of who is accessing which edge devices and when. This provides “situational awareness,” that is, the ability to collect, alarm on and analyze activity across the network to identify and rectify potential security threats. Situational awareness is critical for rapidly detecting and responding to cyberattacks.
The Sierra Wireless Airlink® Management Service (ALMS) enables utilities to see the current status of any device on the grid and can be used to remotely and quickly update devices with new firmware to fend off the latest security threats and attacks. ALMS can also be used to monitor anomalous edge device behavior, such as unusually high data usage, that might indicate a DoS attack.
A Security Information and Event Management system (SIEM) enables a utility to collect all activity log data from every deployed edge device into a single platform for analysis. The combination of a SIEM and centralized authentication provides the necessary visibility into device access to protect water, gas and electric equipment. For example, the combined solution enables IT to detect patterns of behavior occurring anywhere on the network, such as repeated login failures by a user who doesn’t have access rights. Such activity is a good indicator of a possible cyberattack, and detection allows IT to take immediate action to prevent the attack from being successful.
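The detection described above, repeated login failures by a user who has no access rights, can be sketched as a sliding-window rule that joins authentication events with the access rights held in the central directory. This is an added example, not code from Sierra Wireless or any SIEM product; the user names, device names, event format and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed stand-in for directory data: user -> device groups they may access.
AUTHORIZED = {"alice": {"substation-east"}, "bob": {"water-pump"}, "carol": {"water-pump"}}

# Constructed sample log events: (timestamp, user, device, device_group, result).
SAMPLE_EVENTS = [
    ("2024-03-01T08:00:05", "alice", "rtu-01", "substation-east", "FAIL"),
    ("2024-03-01T08:00:20", "alice", "rtu-01", "substation-east", "OK"),
    ("2024-03-01T09:10:00", "carol", "rtu-01", "substation-east", "FAIL"),
    ("2024-03-01T09:10:40", "carol", "rtu-02", "substation-east", "FAIL"),
    ("2024-03-01T09:11:15", "carol", "rtu-03", "substation-east", "FAIL"),
    ("2024-03-01T09:11:50", "carol", "rtu-03", "substation-east", "FAIL"),
    ("2024-03-01T10:00:00", "bob", "pump-07", "water-pump", "FAIL"),
    ("2024-03-01T10:15:00", "bob", "pump-07", "water-pump", "FAIL"),
    ("2024-03-01T10:30:00", "bob", "pump-07", "water-pump", "FAIL"),
]

def detect_failed_logins(events, authorized, threshold=3, window=timedelta(minutes=5)):
    """Alert when a user reaches `threshold` failed logins within `window`,
    counted across all devices, and flag attempts outside the user's rights."""
    recent = defaultdict(deque)  # user -> recent failures (time, device, group)
    alerts = []
    for ts, user, device, group, result in sorted(events):
        if result != "FAIL":
            continue
        now = datetime.fromisoformat(ts)
        q = recent[user]
        q.append((now, device, group))
        while now - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            allowed = authorized.get(user, set())
            alerts.append({
                "user": user,
                "count": len(q),
                "devices": sorted({d for _, d, _ in q}),
                "unauthorized": any(g not in allowed for _, _, g in q),
                "first": q[0][0].isoformat(),
                "last": now.isoformat(),
            })
            q.clear()  # start a fresh burst so one attack yields one alert
    return alerts

if __name__ == "__main__":
    for alert in detect_failed_logins(SAMPLE_EVENTS, AUTHORIZED):
        print(alert)
```

Counting failures per user across all devices is what the single log platform makes possible: each device in the sample sees at most two failures, which a per-device threshold of three would miss.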
Another critical consideration as deployments scale up is the supply chain and partner ecosystem. Partners and suppliers should have the same focus on security as the utility. That’s why Sierra Wireless is the partner of choice for so many of the smart grid and IoT platforms used by utilities. With decades of experience building devices for the broadest range of use cases, including mobile, cloud and the IoT, Sierra Wireless builds the highest levels of security directly into our products and services. We also include the required security controls that allow customers and system integrators and partners to build secure end-to-end solutions.
By following smart grid security best practices like the ones listed above, utilities can confidently move forward in implementing new smart grid and other IoT initiatives, without fearing that doing so will increase the risk that a successful cyberattack will disrupt their services or damage the trust placed in them by their customers. To learn more, listen to our webinar, Modernizing Utility Infrastructure: Smart, but Not Always Secure. And be sure to Start with Sierra to learn how you can reimagine your utility infrastructure using the industry’s most innovative and secure solutions.