115. Four Questions You Must Ace to Ensure Sound Cybersecurity in OT Systems

Some cybersecurity experts believe hackers pose a greater threat than ever to power plants and electric grids. Much of the operational technology (OT) used in power stations and throughout the grid was installed at a time when cybersecurity was more of an afterthought than a focal point in the design process. Furthermore, the pool of bad actors has grown increasingly large and complex, including nation states, activist groups, organized crime syndicates, malicious company insiders, thrill seekers, and a bevy of other folks with a variety of untoward motivations. Hackers are found in all parts of the world, meaning unscrupulous activity is occurring around the clock. The troublemakers aren’t always looking to deploy cyber warfare strategies on the spot, but rather, they often want to gain access to systems so they can cause chaos when the action would be most beneficial to their cause and/or most inconvenient for the system. People in the power sector haven’t been oblivious to the threat. A skilled group of professionals has been assembled to monitor systems and develop countermeasures to thwart possible attacks. Still, the vectors and tactics utilized by hackers are constantly evolving, which makes the task of protecting OT systems challenging. “What worries me right now about the threat landscape overall is that I see it accelerating, in particular, in the OT or the industrial cybersecurity environment,” Ian Bramson, global head of Industrial Cybersecurity at ABS Consulting, said as a guest on The POWER Podcast. It’s not only the frequency of attacks that has changed, but also the kinds of attacks, what’s being targeted, how systems are being hit, the goals of the instigators, and the people responsible for the offenses have all shifted, he said. Bramson believes the conflict in Ukraine has increased cyber risks. “It’s what I call a multi-player game now,” he said. As an example, he mentioned a hacker group that goes by the name “Anonymous.” Days after the war in Ukraine began, Bramson said the group announced it had “declared war” on Russia. Anonymous is not based in Ukraine or affiliated with the country in any known way, it simply decided to take a stand against Russia in response to the country’s aggression. While that in itself doesn’t seem to pose a great threat to U.S. systems, it increases cyber activity overall and could presumably encourage pro-Russian hackers to seek revenge, taking aim at Western targets in response. Furthermore, Bramson suggested much of the cyber activity that’s being undertaken by Russia and its supporters is politically motivated. Attacks are one way, for example, that Russia could try to fight back against sanctions enacted by European countries and the U.S. without firing missiles and starting a physical war with the West. “All that is increasing the pace of attack. So, I think it absolutely is increasing the threat environment for anyone here,” Bramson said. “And it brings that battle—that war—into our systems, into our devices, into our operations of our power and energy plants. That’s where a lot of these conflicts are going to be playing out and that’s what we have to be on guard for.”