DOE Reports the Power Sector Has Serious Cyber Security Capability Gaps

By June 5, 2018 No Comments

On May 30, 2018, the U.S. Department of Energy released an August 2017 report that concluded the power sector has serious “capability gaps” regarding its ability to respond to a cyberattack on the electric grid.

In the report, the DOE assessed the power sector’s ability to respond to a range of cyber security threats, including vulnerabilities in industrial control systems (ICS). The report warns that due to the unprecedented nature of a cyber attack, power restoration following an attack could be challenging for utilities in the power sector.

Read more in the Utility Dive article “DOE cybersecurity report reveals 7 ‘gaps’ in power sector defense capabilities”.

There are several issues with the current security model. The lack of authentication built into the protocols between industrial control systems is a serious vulnerability. In addition, the increasing number of distributed devices, coupled with inadequate account management practices, is elevating the risk. Given the lack of modern access control, bad internal actors don’t even have to worry about being identified.

While replacing outdated protocols will take time, operators need to act now to secure the electrical supply. By deploying decentralized, tamperproof technologies, utilities can protect operations across the electrical grid. These technologies, which include SCADA fingerprinting to protect from zero-day malware attacks and role-based access control with full immutable audit trails for every controller, present a comprehensive solution for protecting America’s vital electrical supply.

Learn more about Xage’s security solutions for the industrial edge.

White Paper

the whitepaper

The current model of enterprise security is incapable of protecting Industry 4.0 with its intermittently connected, heterogeneous devices and applications, distributed across organizations and geographies. Today’s centralized IT security paradigm needs to be replaced by cybersecurity that is distributed, flexible and adaptive.