Army tactics, managed services could aid power industry in thwarting cyberattacks

Washington — Protecting a cleaner, more distributed grid from cyberattacks will require greater situational awareness, power sector stakeholders agreed Oct. 1 and offered options for keeping the grid secure.

Digital technology is playing a key role in ensuring grid reliability as more renewable resources are integrated into the grid and as consumers demand more control over their power, including the ability to plug-in electric vehicles.

But "that requires a high level of situational awareness, which in turn requires increased digitalization, which provides some additional vectors for cyberattack," American Public Power Association President and CEO Joy Ditto said at a forum hosted by the Atlantic Council Global Energy Center and Scowcroft Center for Strategy and Security's Cyber Statecraft Initiative.

Capitol Crude podcast: Broader threat forces US energy sector to look harder at cyber defenses

While the power sector now has "a heightened sense of awareness" regarding cybersecurity and works "to build that cybersecurity in from the beginning," some legacy systems from the 1980s, 1990s and early 2000s are still playing catch up, she said.

Threat landscape

Wesley Clark, a retired US Army general and head of the strategic consulting firm Wesley K. Clark & Associates, said the power sector is under continuous attack, while trying to make money, produce electric service at lowest cost and greatest reliability and deal with natural disasters like storms and fires.

While adversaries have not successfully disrupted the US bulk power system, "we do believe that there's malware in it, and we do believe that adversarial nations would put malware in not only through the internet, but would sell us hardware that would contain the malware," Clark said.

Clark acknowledged the tradeoffs the power sector must make between efficiency and security. "If you put in a physical piece of equipment that can be reprogrammed while it's in place, which much of our operating equipment has, then there's a door, an IT door that comes into that," he said. That raises questions of who controls that door, who can enter that door and how to keep track of entry.

"So we end up with more and more and wider and wider attack surfaces, and you have to spread your security further along," Clark said.

Leo Simonovich, vice president and global head of industrial cyber and digital security at Siemens Energy, also noted benefits and challenges posed by the energy transition.

It is "opening up a lot of possibilities for asset management, performance management, more efficient dispatch and ultimately a more reliable grid," he said. "Yet what we've seen with the recent wildfires, with hurricanes is that the stability of the grid is under pressure, and that security could be the catalyst for a massive disruption."

He asserted that the central problem in need of a solution was visibility. "We cannot protect what we cannot see," he said. "And as our energy system undergoes this rapid transformation, and as we add more layers to the system, we need to equip ourselves with the monitoring capability that enables us to spot attackers before they can strike."

Managed detection, response

He shared that Siemens is working on cybersecurity solutions that provide the visibility, context and insight needed to take proportionate action in response. Siemens Oct. 1 announced the launch of a managed detection and response service, powered by AI and machine learning.

"The question is always how can we leapfrog the attackers, how can we get faster, how can we get smarter? And the best way to do that is using technology that already exists today and using data that's already available and that we collect for operational purposes," Simonovich said.

Through the new service from Siemens, AI-powered technology would gather and model energy asset intelligence, while Siemens' cybersecurity experts would provide their expertise and actionable insights to aid customers in uncovering attacks before they cause harm.

'Warfighter experiments'

Pulling from his military expertise, Clark recommended repurposing "Army warfighter experiments" used to build the Armed Forces after the Vietnam War and to provide responsive support for operations in Iraq for cybersecurity hardening of the grid.

He envisioned the creation of a national training and testing center with an operating grid. That grid could then be tested and stressed by red teams equipped with the most advanced intelligence on what adversaries are deploying.

"Then we apply that and we invite our utilities and our suppliers to come in and challenge their equipment against the threat in a real operating environment," Clark said. "And then we'd be able to set realistic standards that can be moved out into the field that would encourage people to do this."