Processes That Help Energy and Utility Companies Detect Vulnerabilities
Organizations that operate industrial control systems (ICS) and other operational technology (OT) rely on a range of processes and tools to detect hardware and software vulnerabilities, including security information and event management (SIEM) systems, intrusion detection and prevention systems, shared threat intelligence, regular security audits and third-party risk analysis.
A 2022 survey by the SANS Institute found that 42 percent of organizations also conduct assessments of their configuration and control logic programs.
But the most widely used processes tend to fall under two broad categories: vulnerability assessment and scanning, and patch management.
- Vulnerability assessment and scanning: Nearly 60 percent of ICS professionals report deploying passive monitoring using a network sniffer, according to the SANS Institute. Additionally, nearly half rely on continuous use of an active vulnerability scanner; 41 percent actively work with vendors to identify and mitigate vulnerabilities; and 35 percent periodically scan during system downtime. Together, these vulnerability assessment and scanning practices account for the most commonly used processes.
- Patch management: This practice is growing in popularity. The number of organizations that apply all outstanding patches and updates during routine downtime doubled in the past 12 months, according to the SANS Institute survey. More than a third (37 percent) wait for ICS vendors to alert them or send them a patch, and 35 percent monitor for notifications as they are made available through vendors, certification authorities and other sources.
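The passive-monitoring and patch-management items above, as an added example that is not from the article or the SANS survey: a Python script that builds an asset inventory solely from Modbus/TCP "Read Device Identification" responses captured off the wire (Modbus function 0x2B, MEI type 0x0E, as specified in the Modbus Application Protocol), then compares each device's firmware revision against a vendor advisory list. The vendor, product, IP addresses, advisory identifier and captured frames are all constructed for the example. The passive design is the caveat every ICS practitioner wants stated: active scanners can hang or crash fragile controllers, which is why respondents who scan actively tend to do so during downtime, whereas listening to traffic the devices already exchange carries no such risk.

```python
"""Passive Modbus/TCP asset inventory with advisory matching (added example).
Only inspects captured bytes; nothing is ever sent to a controller."""
import struct
from dataclasses import dataclass

MODBUS_TCP_PORT = 502
FC_ENCAPSULATED_INTERFACE = 0x2B   # Modbus function code for Encapsulated Interface Transport
MEI_READ_DEVICE_ID = 0x0E          # MEI type: Read Device Identification
OBJ_VENDOR_NAME, OBJ_PRODUCT_CODE, OBJ_REVISION = 0x00, 0x01, 0x02  # basic identification objects


@dataclass(frozen=True)
class Frame:
    """One captured TCP segment; in practice these come from a SPAN port or pcap."""
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


def parse_device_id_response(payload):
    """Return {object_id: text} from a Read Device Identification response, else None."""
    if len(payload) < 7:
        return None
    _tid, proto, length, _unit = struct.unpack(">HHHB", payload[:7])  # MBAP header
    if proto != 0 or length != len(payload) - 6:   # length field covers unit id + PDU
        return None
    pdu = payload[7:]
    if len(pdu) < 7 or pdu[0] != FC_ENCAPSULATED_INTERFACE or pdu[1] != MEI_READ_DEVICE_ID:
        return None
    # pdu[2..5]: ReadDevId code, conformity level, more-follows flag, next object id
    count, pos, objs = pdu[6], 7, {}
    for _ in range(count):
        if pos + 2 > len(pdu):
            return None                          # truncated object header
        oid, olen = pdu[pos], pdu[pos + 1]
        value = pdu[pos + 2:pos + 2 + olen]
        if len(value) != olen:
            return None                          # truncated object value
        objs[oid] = value.decode("ascii", errors="replace")
        pos += 2 + olen
    return objs


def passive_inventory(frames):
    """Map server IP -> identification, using only responses already on the wire."""
    inventory = {}
    for f in frames:
        if f.sport != MODBUS_TCP_PORT:           # identification is in the server's reply
            continue
        objs = parse_device_id_response(f.payload)
        if objs:
            inventory[f.src] = {"vendor": objs.get(OBJ_VENDOR_NAME, ""),
                                "product": objs.get(OBJ_PRODUCT_CODE, ""),
                                "revision": objs.get(OBJ_REVISION, "")}
    return inventory


def version_tuple(rev):
    """'v2.03' -> (2, 3); None when the revision is not a dotted number."""
    try:
        return tuple(int(p) for p in rev.lstrip("vV").split("."))
    except ValueError:
        return None


def match_advisories(inventory, advisories):
    """List (ip, advisory_id, observed_rev, fixed_in) for devices below the fixed version."""
    findings = []
    for ip, dev in inventory.items():
        seen = version_tuple(dev["revision"])
        for adv in advisories:
            if (adv["vendor"], adv["product"]) != (dev["vendor"], dev["product"]):
                continue
            fixed = version_tuple(adv["fixed_in"])
            if seen is not None and fixed is not None and seen < fixed:
                findings.append((ip, adv["id"], dev["revision"], adv["fixed_in"]))
    return findings


def build_device_id_response(vendor, product, revision, tid=1, unit=1):
    """Constructed test data: encode a basic-stream Read Device Identification response."""
    objs = b"".join(bytes([oid, len(v)]) + v.encode("ascii") for oid, v in
                    ((OBJ_VENDOR_NAME, vendor), (OBJ_PRODUCT_CODE, product), (OBJ_REVISION, revision)))
    pdu = bytes([FC_ENCAPSULATED_INTERFACE, MEI_READ_DEVICE_ID, 0x01, 0x01, 0x00, 0x00, 3]) + objs
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed capture and advisory list: vendor, product, addresses and advisory id are hypothetical.
SAMPLE_FRAMES = [
    Frame("10.0.1.10", 502, "10.0.0.5", 51000, build_device_id_response("ExampleVendor", "PLC-1000", "v2.03")),
    Frame("10.0.1.11", 502, "10.0.0.5", 51001, build_device_id_response("ExampleVendor", "PLC-1000", "v2.10")),
    Frame("10.0.1.10", 502, "10.0.0.5", 51002, bytes.fromhex("000200000005010302abcd")),  # FC 3 reply, ignored
    Frame("10.0.0.5", 51003, "10.0.1.12", 502, bytes.fromhex("000300000005012b0e0100")),  # a request, ignored
]
SAMPLE_ADVISORIES = [{"id": "EXAMPLE-ADV-0001", "vendor": "ExampleVendor",
                      "product": "PLC-1000", "fixed_in": "2.10"}]

if __name__ == "__main__":
    inv = passive_inventory(SAMPLE_FRAMES)
    for ip, adv_id, seen, fixed in match_advisories(inv, SAMPLE_ADVISORIES):
        print(f"{ip}: {adv_id} applies (running {seen}, fixed in {fixed}); patch at next downtime")
```

In a real deployment the Frame objects would come from a TAP or SPAN feed through a pcap library, and the advisory list from the vendor notifications the survey mentions; the matching step is what turns "monitor for notifications" into a concrete list of which controllers need a patch at the next maintenance window. The parser deliberately rejects truncated or malformed responses rather than guessing, since a sniffer sees every fragment on the wire and a sloppy decoder is itself an attack surface.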
ICS and OT professionals work to improve their security posture by improving communication and creating a culture of security. “A high-functioning utility security apparatus should be aligned to ensure that the best minds across the enterprise — not just in security — are aware of threats and have robust processes to report potential vulnerabilities and emerging incidents,” stated a 2020 McKinsey report.
A forward-looking, collaborative approach to vulnerability detection can help organizations protect their interests, according to the report.
How To Respond to Security Vulnerabilities
System patching, the most direct response to a known vulnerability, is already widely in use. Beyond that, experts advise energy and utility companies to develop an emergency response plan; such a plan is important in any industry and critical for energy and utility companies.
As Brian Wrozek, a principal analyst at Forrester, told BizTech in 2022, organizations should be ready with a plan that details a broad range of potential cyberattack scenarios. The plan should include prioritization — not all threats are created equal — and it should spell out the roles of each member of the response team so that when they are called on, they know what to do.
In addition to responding to threats, leaders should identify temporary workarounds so that operations can continue. Communicating with all affected employees — from executives to on-the-ground workers — can help an organization respond smoothly.
Once an incident has been contained, a post-incident review can make the emergency response plan more robust for the next attack, and its findings can justify proactive controls such as network segmentation and firewalls.