A Glimmer of Hope for Industrial Security in 2016

Creating the smart grid for critical infrastructure is becoming increasingly feasible from an economic standpoint.

For the oil and gas industry this could mean greatly-reduced operating costs and more efficient fuel consumption.

For utilities companies, the smart grid brings the ability to offer more demand-based pricing and efficiency benefits. However, security concerns have rightfully stood in the way of a seamless shift to the Industrial Internet of Things (IIoT).  

As we write this article, breaking news is being released on new malware targeting utilitiy companies in Europe.

But, despite the usual bleak outlook on Industrial Ethernet security, PwC’s recent report, The Global State of Information Security Survey 2016, offers a glimmer of hope for power and utility organizations regarding critical infrastructure security. Here’s what you need to know.

Threat Highlights from PwC’s The Global State of Information Security Survey 2016 for Power and Utilities 

There’s no denying the challenges that internet connectivity presents for power and utility companies, which is why PwC’s report begins by presenting their findings on today’s threat landscape:

• 62% increase in the number of compromised utility customer records between 2014 and 2015
• The increase in compromised records comes as detected security incidents dropped 34%
• Attacks on patents and other hard intellectual property grew 234% year over year
• The average cost of an industrial security incident nearly doubled, up 95% from 2014 

These four highlights paint the typically dark picture that surrounds Industrial Ethernet security. While the actual numbers may be surprising, the trends shouldn’t be anything new for security professionals within these power and utility companies.  However, many OT security professionals have their hands tied when trying to adapt to modern IT practices. Modern security solutions aren’t tailored to the specific needs of Industrial Ethernet users, leaving security professionals with unpatched operating systems and legacy SCADA systems that can’t meet IIoT demands.  

These Industrial Ethernet challenges, coupled with the growing threat landscape, would seem to indicate that greater struggles are in store for power and utility organizations throughout 2016. However, if you look closely at PwC’s findings, you’ll see there’s a glimmer of hope for the state of Industrial Ethernet security in 2016. 

Why There’s Reason to be Cautiously Optimistic for Industrial Ethernet Security’s Future

Companies like Rhebo are pioneering new ways to defend the Industrial Ethernet, but power and utility companies can’t rely on any perfect, all-in-one solution to solve growing security challenges. 

Having said that, there were a few findings in PwC’s report that indicate these critical infrastructure industries are moving in the right direction when it comes to defending the Industrial Ethernet:

• For the third year in a row, power and utility organizations raised their security budgets—this year by 9%
• 55% of survey respondents are using Big Data to increase awareness of security incidents
• 95% of respondents have implemented a risk-based security framework
• External collaboration regarding cyber security best practices grew over 88% from 2014
• The number of companies participating in industry/government information sharing more than doubled

It may seem counterintuitive to collaborate with your competitors, but when it comes to defending against increasingly sophisticated cyber attackers, information sharing is a necessity. This is why there’s hope for Industrial Ethernet security moving forward—power and utility organizations are taking steps toward securing new systems and working together to change the typically bleak narrative.

PwC’s report provides context for the growing concern for improving Industrial Ethernet security, but you’re still left wondering what practical steps you can take to defend IoT-enabled critical infrastructure.

If you want to learn more about how to actually protect your network as attackers increasingly target critical infrastructure, download our free white paper, Defending the Industrial Ethernet.