5 Cybersecurity Trends that will Transform India’s Power Grid
By EPR Magazine Editorial October 3, 2020 4:01 pm
Dick Bussiere, Technical Director, APAC, Tenable explains five cybersecurity trends that lie ahead for power organisations along with practices that must be followed to stay protected in the digital era.
The establishment of the smart grid, driven by population growth and urbanisation projects, has played a critical role in the Indian economy. As the third-largest producer and the fourth-largest consumer of electricity in the world, India’s power grid is forced to be more flexible to accommodate the supply of power across dispersed cities and rural villages.
Integrated with communication and information technologies, the smart grid is a promising power delivery infrastructure. These interconnected networks also expand the attack surface, enabling bad actors to easily move from one provider to the next. A successful cyberattack on the grid, therefore, presents a core risk to safety, reliability and business continuity, and can cripple the crown jewels of India’s critical power infrastructure.
India’s recent plan to mandate cybersecurity measures for its power grids to ensure high availability and protection of sensitive data is a positive step in the right direction. However, without a good grasp of the security and integrity of digital components, network visibility and security cannot be achieved from the grid level to the bay level and to each individual intelligent electronic device (IED). Improving smart grid inter-connectivity, leveraging modern TCP/IP based standards such as IEC-61850 and IEC-60870-5-104, and employing new techniques of total network situational awareness need to become de facto industry best practice.
Cybersecurity Trends that will Change India’s Power Industry
Below are five cybersecurity trends that lie ahead for power organisations along with practices that must be followed to stay protected in the digital era:
1. IT/OT convergence introduces new attack vectors
OT-based attacks present a real danger today. The convergence of IT and OT along with the rapid adoption of IoT will accelerate at an unprecedented rate, dissolving the boundaries between them. This will result in new attack vectors that will need to be discovered, monitored and defended diligently.
Grid operators and regulatory agencies must both audit their implementation strategies for air-gapped systems. The mantra of “set it and forget it” is no longer a plausible security strategy in today’s connected OT environments. Early detection of operational technology (OT) threats requires proactive and continuous baselining and monitoring at the network and device level to detect deviations and potential threats.
2. OT to IT attacks will become a reality
Organisations will continue to see the emergence of OT/IT attacks. These attacks will intentionally target weak points in the IT or OT infrastructure and laterally creep between these two converging environments.
3. IT and OT teams to share responsibility for OT security
Security must be a shared responsibility between OT and IT teams. IT teams may be held accountable for converged IT/OT security since they have decades of experience with internet-connected applications and technologies. Joint responsibility allows the OT team to leverage the experience of the IT team while ensuring that legacy OT operational protocols are not violated. Indeed, the relationship is symbiotic since, in general, techniques that enhance security also provide enhanced safety, availability and quality for the OT operators. The collaboration between these two groups will herald a new awareness of internal and external security threats across these once separated worlds. Together, IT and OT teams will set guidelines for OT security projects based on requirements provided by OT teams, with best practices adopted from both fields.
Implementation of the UN-endorsed ISA/IEC 62443 cybersecurity standards will be an essential first step. These are the only consensus-based cybersecurity standards for automation and control system applications. By using these globally-approved standards to increase productivity, lower costs and keep people, industrial facilities and commercial buildings safe, IT teams can bridge the gap with OT.
4. The edge becomes more vulnerable than the core
Bad actors tend to look for low-hanging fruit when launching cyberattacks. The trend of targeting less well-defended OT infrastructures, such as smaller substations or transfer locations, will be more pronounced in the year ahead. A compromise at a remote site or a small power provider could have cascading effects as they are connected to the larger OT network. The entire infrastructure could be compromised if an attack is able to spread.
Organisations will need to deploy OT security not only at the core, but also extend to remote and distributed systems.
5. The cyber skills gap will spread to OT
India’s skill shortage is nine percent higher than the global average. The convergence of IT/OT will only widen the skills gap. With so many disruptive technologies contributing to the expanding attack surface, an organisation may lack the necessary IT or OT security skills and qualified candidates may be scarce.
Organisations should recruit new talent from universities or hire less experienced candidates who are willing and eager to learn, to address security for the combined IT/OT footprint.
Cybersecurity is now widely recognized as a core risk to power networks. To mitigate cyber risk, it is essential to have full visibility into, and security and control over, all your operational assets, including IEDs, RTUs, PLCs, breakers, meters, drivers, and other devices. It’s time for India to not just aggressively adopt innovative solutions, but to take careful steps in securing critical power infrastructures.