The DOE’s energy cybersecurity plan succinctly outlines three overarching areas of concern, which underscores the need for utilities to work collaboratively with government agencies, third-party vendors, and industry associations to mount a comprehensive defense for systems and applications implemented by utilities to support core business functions:
- “Energy owners and operators have integrated advanced digital technologies to automate and control physical functions to improve performance and adjust to a rapidly changing generation mix. This has created a larger cyber attack surface and new opportunities for malicious cyber threats.
- The frequency, scale, and sophistication of cyber threats have increased, and attacks have become easier to launch. Nation-states, criminals,
and terrorists regularly probe energy systems to actively exploit cyber vulnerabilities in order to compromise, disrupt, or destroy energy systems. Growing interdependence among the nation’s energy systems increases the risk that disruptions might cascade across organizational and geographic boundaries.
- In response, the government and private sector continue to increase their spending on cybersecurity operations and maintenance. Despite improving defenses, it has become increasingly difficult for energy companies to keep up with growing and aggressive cyber attacks.”5
The cyberbasics of system and application patching, managing communication and system-level connections, and testing everything that can be evaluated is without doubt more important than ever for those charged with overseeing a utility’s internetworked systems.
Avtec and the Avtec logo are trademarks or registered trademarks of Avtec. Scout™ is a trademark of Avtec. Inc.
Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a contractual relationship.
1 Brooks, Michael, “Experts Urge Utilities to Train, Collaborate on Cybersecurity,” RTO Insider, December 10, 2018. https://www.rtoinsider.com/federal-energy- posluicmy-mit-cybersecurity-107607/
2 National Cybersecurity Center of Excellence, National Institute of Standards and Technology (NIST) Special Publication 1800-7, Situational Awareness for Electric Utilities, (2017). https://www.nccoe.nist.gov/projects/use-cases/situational-awareness
3 U.S. Department of Energy, Office of Electricity Delivery & Energy Reliability, Multiyear Plan for Energy Sector Cybersecurity, (2018). https://www.energy.gov/sites/ prod/files/2018/05/f51/DOE%20Multiyear%20Plan%20for%20Energy%20Sector%20Cybersecurity%20_0.pdf
4 Hay Newman, Lily, “Equifax officially has no excuse,” WIRED, September 14, 2017. https://www.wired.com/story/equifax-breach-no-excuse/
5 U.S. Department of Energy, “Multiyear Plan for Energy Sector Cybersecurity.”