Utilities Need to Deploy Multiple Layers of Defense
IoT security threats are persistent and rapidly evolving. “Knowing that protecting every asset from every potential threat is not realistic, utilities instead manage their risk by deploying defense-in-depth strategies,” says Joy Ditto, president and CEO of the Utilities Technology Council, an industry trade organization.
Data encryption is one of the most powerful security tools available to IoT adopters. “The risks associated with IoT communications within energy and utility companies drives the requirement for encryption throughout the distributed IoT infrastructure,” Reno says.
Like Reno and most other security experts, Richard Ku, senior vice president with Trend Micro, believes that encryption is most effective when used wherever IoT data travels.
“All communication between endpoints and sensors to the edge and then to the cloud must be encrypted so that the data cannot be compromised and manipulated,” he says.
Authentication technology is also widely used to ensure that only approved users gain access to IoT networks and related systems. “Accessing information in the device, edge server or the cloud must require authentication and authorization with the right privilege to ensure no one can compromise the utility environment,” Ku says.
Next-generation firewalls are another important IoT security tool, offering features such as application awareness, stateful inspection and integrated intrusion protection system technology. “Next-generation firewalls offer security and operations teams important capabilities for segmentation, application visibility and threat management,” Reno says.
Physical security, including site access controls and surveillance technologies, constitute yet another essential part of the IoT security mosaic. Access control technologies, such as password-protected cabinets and gates, help energy and utility companies secure physical network assets against tampering and destruction. Video analytics solutions scrutinize live images in real time to detect unusual activities that could pose a threat to IoT technologies. “Video monitoring provides an important tool in mitigating physical security risks and protecting high-value assets,” Reno says.
In addition to managing cyberthreats and physical security, energy and utility companies must also address the business risks created by unplanned downtime caused by natural disasters, equipment failures and worker safety incidents. Agarwal notes that IoT technology itself can help companies prevent or shorten downtime while also protecting staff from the possibility of serious injury.
“A service team, for example, could get a text message, or some sort of warning automatically initiated by a sensor, indicating that a transformer at a specific location is malfunctioning and at risk of failing,” he says. “After viewing the data, the team would know what types of tools and safety gear would be needed to address the situation before a catastrophic failure occurs.”