Sep 28 2023

How Can Energy & Utility Companies Detect Hardware and Software Vulnerabilities in Their Networks?

Vulnerability scanning and patching can protect industrial systems. Here's what IT leaders need to know.

You can’t respond to a cybersecurity threat if you don’t know it’s there.

That’s one of the messages from the Cybersecurity and Infrastructure Security Agency’s Ransomware Vulnerability Warning Program, launched earlier this year.

The program is intended to alert organizations, including critical infrastructure entities, about emerging security vulnerabilities. RVWP can warn IT leaders about threats to their industrial control systems (ICS), but awareness is the first step.

“Most organizations may be unaware that a vulnerability used by ransomware threat actors is present on their network,” RVWP’s website states. Processes, best practices, support services, and internal tools can help with that first step: detection.


Processes That Help Energy and Utility Companies Detect Vulnerabilities

Organizations that operate ICS and other operational technologies (OT) deploy numerous processes to detect hardware and software vulnerabilities, including security information and event management (SIEM) systems, intrusion detection and prevention systems, shared threat intelligence, regular security audits and third-party risk analysis.

A 2022 survey by the SANS Institute found that 42 percent of organizations also conduct assessments of their configuration and control logic programs.

But the most widely used processes tend to fall under two broad categories: vulnerability assessment and scanning, and patch management.

  • Vulnerability assessment and scanning: Nearly 60 percent of ICS professionals report deploying passive monitoring using a network sniffer, according to the SANS Institute. Additionally, nearly half rely on continuous use of an active vulnerability scanner; 41 percent actively work with vendors to identify and mitigate vulnerabilities; and 35 percent periodically scan during system downtime. Together, these vulnerability assessment and scanning practices account for the most commonly used processes.
  • Patch management: This practice is growing in popularity. The number of organizations that apply all outstanding patches and updates during routine downtime doubled in the past 12 months, according to the SANS Institute survey. More than a third (37 percent) wait for ICS vendors to alert them or send them a patch, and 35 percent monitor for notifications as they are made available through vendors, certification authorities and other sources.

ICS and OT professionals work to improve their security posture by improving communication and creating a culture of security. “A high-functioning utility security apparatus should be aligned to ensure that the best minds across the enterprise — not just in security — are aware of threats and have robust processes to report potential vulnerabilities and emerging incidents,” stated a 2020 McKinsey report.

A forward-looking, collaborative approach to vulnerability detection can help organizations protect their interests, according to the report.


How To Respond to Security Vulnerabilities

System patching — one of the best responses to security vulnerabilities — is already widely in use. Beyond that, experts advise energy and utility companies to develop an emergency response plan, which is important in any industry and critical for energy and utility companies.

As Brian Wrozek, a principal analyst at Forrester, told BizTech in 2022, organizations should be ready with a plan that details a broad range of potential cyberattack scenarios. The plan should include prioritization — not all threats are created equal — and it should spell out the roles of each member of the response team so that when they are called on, they know what to do.

In addition to responding to threats, leaders should identify temporary workarounds so that operations can continue. Communicating with all affected employees — from executives to on-the-ground workers — can help an organization respond smoothly.

Once a threat has been addressed, a post-incident review can help make the emergency response plan more robust for the next attack. Leaders can develop proactive solutions such as network segmentation and firewalls.


How Third-Party and Managed Services Can Help the Sector

In addition to deploying security solutions from vendors such as Palo Alto Networks, CrowdStrike, Check Point, Cisco Systems or Proofpoint, many energy and utility companies engage partners to help protect against vulnerabilities. Handing off security management tasks to a dedicated third party that specializes in defending ICS can free up existing staff for more industry-specific work.

A partner gives energy and utility teams access to continuous monitoring and response, including rapid incident response for critical needs. Dedicated services have deep access to threat intelligence, helping them better prepare for attacks.

They can also provide compliance and regulatory assistance, along with training support to bring the human element of an organization up to speed with security best practices.

By assessing their own vulnerabilities, working with partners and staying in step with tools such as CISA’s RVWP, energy and utility companies can improve their security posture, protecting not just their own bottom line, but also the critical infrastructure that the nation relies on.
