Protecting energy infrastructure from cyberattack
Stuart Madnick, Professor of Engineering Systems at Massachusetts Institute of Technology and Founding Director of Cybersecurity at MIT Sloan, speaks to eolas about how to protect energy infrastructure from cyberattack.
“There’s a lot of overlap between the issues the IT people and the operational technology people face, but there are important differences,” Madnick says. “Some of the key differences I want to stress are that in a cyberattack on an energy or industrial control system, real physical damage can occur. Also, a lot of the safety mechanisms that we normally rely upon are increasingly being controlled by software, so a cyberattack that takes control of your system can also take control of your safety mechanisms.”
Referencing a spate of recent high-profile cyberattacks such as the Turkish pipeline explosion, attacks on a German steel mill and separate attacks on both the US and Ukrainian power grids, Madnick paints a picture of the typical cyberattack on energy systems, which usually involves relays being shut down and then restored by manual intervention, without damage to physical infrastructure. The industry's fear now is that these attacks could cause physical damage.
“The good news is the good guys are in fact getting better,” he says. “We’re developing new techniques, better firewalls, all kinds of great ways to make our systems better protected. Unfortunately, the bad guys are getting even badder faster. By some estimates this gap is growing.”
One of the ways of countering the hackers' growing capability that Madnick mentions is the use of the White House/National Institution of Science and Technology framework, which breaks down into five key areas: identify, where the organisation develops an understanding of cybersecurity risk; protect, where it develops appropriate safeguards; detect, where it develops activities to identify the occurrence of a cybersecurity event; respond, where it takes action on a detected event; and recover, where it develops plans to restore capabilities following an event.
“We’re doing about 25 or so different projects at MIT Sloan,” Madnick explains. “Although a lot of energy has been going into IT systems, a small amount has been going into OT systems, our energy, water, infrastructure. Improving hardware and software is very important, but it’s the people and the management of those people that increasingly is the major facet.”
In one of their projects, MIT Sloan treat a cyber incident as a type of industrial accident and use prior research into such accidents to identify, understand, and mitigate cyber hazards, using examples such as Stuxnet and TJX. The three key concepts that are central to this approach are top-down understanding, the understanding of process models and the understanding of process as hierarchical. “Almost always you find that the failures are at the managerial level, as well as the technical level,” Madnick says.
Concluding, Madnick simultaneously sounds notes of caution and optimism: “There’s a whole new Internet of Things, and we are moving to automated energy systems, which have many great benefits, but they also introduce many new attack surfaces and many things we have never had to deal with. I hate to say it, but my review is that in the near term at least, the worst is yet to come.
“It’s very important for all of us to develop a deep organisational understanding of our cyber risks. If you don’t understand your risks, you won’t take the appropriate actions. We believe, very importantly, that management at all levels needs to take the lead.”