Experts: Utility companies must adopt more stringent cyber security practices
SUBNET Solutions Inc | Thursday, June 30, 2011
Since the beginning of the year, hackers have become increasingly brazen in their cyber security attacks. Sony and a number of law enforcement agencies, among other organizations, have been breached by these seemingly invisible criminals. A published report indicates that though companies often try to protect against such attacks, they often fail.
The MIT Technology Review reports that cyber security attacks are often executed through a variety of methods. Surprisingly, the news source notes that remotely hacking a computer system is not always the way such infiltrations are carried out.
Industry analysts and cyber security experts assert that company employees are sometimes involved in the attacks, while in other instances hackers have physically broken into facilities to carry out the nefarious acts.
Moreover, according to Verizon's Data Breach Investigations Report, hackers tend to employ varying kinds of techniques in conjunction when they infiltrate, for example, a utility's computer network. That report found that hacking techniques are used in 50 percent of cases where companies' data is stolen.
What's more, malware is used 49 percent of the time; physical attacks stand at 29 percent; misuse of employee privileges accounts for 17 percent; and social tactics are used in roughly 11 percent of all breaches. To protect against the sophisticated and ever-evolving tactics that hackers utilize, analysts recommend that companies similarly use multiple methods of defense.
Among other actions that utilities and other businesses can take, according to experts, are to install new protections like deep packet inspection and to update firewalls and antivirus software. Further, many businesses are increasingly removing data from their networks, fearing it will be stolen, while other companies are paying security consultants to perform audits on their cyber security protocols.
Ultimately, experts affirm that it is essential that companies operating critical infrastructures - of which utilities are included - ensure that they are in compliance with all government-mandated cyber security measures. The Federal Energy Regulatory Commission (FERC), along with the North American Electric Reliability Corporation (NERC), are in charge of developing and implementing such protocols.
With many utility executives reporting that cyber security attacks on their power supply networks are becoming much more common as smart grid technology comes online, it is of the utmost importance that smart grid security practices be as up-to-date as possible, analysts assert.
Substation Cyber Security