Facility owners in North America commonly use internet connected technology to perform important jobs like monitoring control systems and accessing infrastructure remotely. Utility infrastructure systems are often outdated and have limited visibility into what is going on with their operational technology settings. Traditionally, work environments were separated as an "old" technology and "new" technologies.

Now that the two are converging, new security threats have emerged. More companies are adopting new apparatuses to approach the challenges of OT/IT convergence.

 This begs the question:

"What should underground utility owners do to boost security?"

1. CULTURAL OF PROACTIVITY:

There are several approaches to defending against these risks, but one thing is certain: our sector must be proactive in providing answers. To begin, you must take proactive actions to notify staff of possible dangers and teach them on how to respond correctly if a cyber incident occurs. In the face of increased phishing, malware assaults, data theft, and billing fraud, all workers must appreciate the need to be cautious.

Check out our Reducing Asset Damages article

2.  CYBERSECURITY HYGIENE

Basic "hygiene" measures, such as using stronger passwords and avoiding the use of USB devices will help keep the most dangerous viruses out of critical systems

 “62% of oil and energy companies are at heightened risk of ransomware attacks due to their weak cybersecurity performance.” – BitSight research. 

The sooner you address these problems, the better. A lapse in security will jeopardize your business and potentially harm customers.

3. HAVE A DATA RECOVERY PLAN 

I cannot emphasize enough the importance of having an action plan in place so that you know exactly what steps to take if an attack occurs. To reduce the chances of sustaining a Cyber attack, it's important to establish an effective plan. This should include shutting down the compromised devices and locking off access to any other connected systems. You should also try to isolate the effects of the attack so that there is no further damage. Lastly, restore normal operations as quickly as possible by ensuring that backup resources are available. Check out this ready.gov article on creating a disaster recovery plan.

4. ASSESS SECURITY WEAKNESSES

A thorough examination of network connections and devices is also required in order to detect vulnerabilities and prioritize the most essential ones. Continuous assessment and improvement efforts are essential for sustaining high-performing security. However, enterprises must ensure that the evaluation does not exhaust the security team's resources and divert focus away from the shifting threat landscape and increasing attack surface.

Conclusion

Utility operators must take a more proactive approach to security and think about it before construction decisions are made. IIn the digital age, new and emerging threats are constantly being created. Business leaders must develop security-minded policies to combat these threats. With increasing advancements in AI and machine learning, attackers will continue to develop and employ new attack techniques.