Energy Organizations Getting a Handle on Threat Environment
It’s clear there’s an increased level of concern today over new threats posed by the smart grid. For example, smart meters running on mesh networks bring in a new level of potential vulnerabilities to both consumers and providers.
From power outages to rerouting or stealing consumption to the possibility of a targeted attack on critical infrastructure, it goes without saying that the global energy market is emerging as an industry facing some real security challenges.
Recently, Q1 Labs partnered with Ponemon Research to present a ground-breaking study tapping 291 IT and IT Security executives that unveiled the challenges and critical perspectives global energy and utility organizations have on today’s threat environment.
What we found was over half of global energy organizations do not view IT Security as a strategic initiative across the enterprise. This was intriguing, based on the fact that physical security, as might be expected, scored higher on the priority scale.
Additionally, 76% said they suffered one or more data breaches over the course of the last 12 months. This was interesting not just because of the high percentage of those who said they were breached, but because of how recently the breaches actually occurred.
And as noted in Bloomberg, management teams are challenged in understanding exactly what they are up against in terms of external threats. Honestly, the statistics keep coming – you can read through the summary of findings from Ponemon here. (A more detailed white paper will be coming soon.)
As part of the presentation, our California ISO (Independent System Operator) customer walked through how they leverage SIEM as a prescriptive measure that meets their security and compliance requirements.
One interesting comparison between research findings and what CAISO presented was the criticality of NERC/CIP compliance. The research showed that 77% of companies in the industry weren’t prioritizing compliance initiatives as part of their security programs. CAISO outlined how NERC compliance was not only the biggest driver in acquiring a SIEM solution, but also aided in integrating other best practices and key guidelines like NISTIR 7628 for the smart grid.
CAISO also communicated that centralizing logging was an important driver, so that they could correlate log data from multiple sources, which speaks to the breadth of integration QRadar offers to this market. Finally, the presenter spoke to the value of flow technology for monitoring ports and services running on the CAISO critical infrastructure. Again, please feel free to check out our recorded presentation for more context.
As the market continues to evolve in terms of identifying threats and vulnerable areas, so must the security industry. As the industry is seeing more targeted attacks, QRadar is helping many energy organizations counter these threats in the pre- and post-exploit phases for better visibility across the network. It’s the constant evolution of threats and countermeasures that drives IT Security, but within the energy industry, there seems to be an inordinate number of threats that are known by all.