The utility industry is faced with a strange dichotomy. While utilities power the digital age, many companies are still dependent on legacy based systems. The inherent risk to these systems grows as the environment becomes hyper-connected. As we introduce technology in to the workplace we expand the landscape that an adversary may use to gain access to vital systems. The desire to become connected has caused a tipping point in operational security. What role will the Internet of Things play? How do we get there? And how do we increase reliability and enhance security?
Emerging technology promise many things. Not only will it help modernize the infrastructure, ease operations and enhance resiliency, these devices will do all this while reducing costs and offer customers better services. SMART technology requires smarter solutions to ensure the Internet of Things does not become the Internet of Threats.
Utilities find value with incorporating services such as Advanced Metering Infrastructure. Currently companies are finding significant savings by rolling out AMI thus saving millions of dollars in field-service and production costs. Customer acceptance and satisfaction also increases as we provide more instrumentation in the distribution environment. Emerging technologies bring numerous benefits such as operational intelligence, real time indications of performance and enhancements to the management systems.
Improving scalability, reliability, and integrating new resources such as renewables are all made possible in the connected environment of the IoT. We also see the IoT enhancing the customer experience by allowing them to monitor and control usage in order to better manage cost. Connectivity increase the situational awareness for the company as well. The ability to see more enables the company to make better decision in the real-time energy market of today. Transmission, distribution and the retail markets all see significant value in the connected world. But what about generation? What role does the IoT play in the plant environment and how do we enable mobility while enhancing security?
As the Information Technology and the Operational Technology converge we must enhance security and protect the legacy base that currently exists. In order to protect the operational environment we need better controls and increased visibility. Security requirements for IT and OT are broad and require a diverse team of experts to incorporate. Corporate management needs visibility of the business functions from payroll to plant operations.
In order to provide the visibility necessary the information security team and the operations teams will need to work together to ensure adequate security measure exist on the enterprise side as well as the industrial side in the plant. Security should be the responsibility of both parties under a unified management team in support of the business objectives.
For asset owners and operators of critical infrastructure facilities in the energy sector the question around security is often “Do I build it or do I buy it?” While there is no easy answer the ability to leverage the expertise of the security community internally and externally will build a diverse security posture that will enhance operations in a compromised environment. Instead of going it alone the greater emphasis today is to leverage the cyber threat intelligence community in order to support operational requirements.
Pushing visibility in to the plant is not only possible but a necessity in the digital world. By deploying solutions further down the stack we are able to increase productivity, predictability and profitability. Governance of the security perimeter is not left fragmented by the traditional IT/OT debate. Secure technologies allow us to see down to the device level in a way that does not disrupt operations nor expose the plant to increased risk.
Creating a shared situational awareness is a goal of the IoT effort. Better information leads to better decision making, both on the business side and the operational side. In order to limit our exposure in a connected world we need to enhance our security posture at all levels by increasing our awareness of threats and vulnerabilities down to the lowest level. We can take a proactive security posture and reduce the chances of our connected environment from becoming the Internet of Threats.
Sean McGurk is Amazon Web Services director of physical security and data center operations. He is the former director of the National Cybersecurity and Communications Integration Center at the U.S. Department of Homeland Security.