Cyberattacks on electrical power utilities are on the rise. From 2020 to 2022, weekly attacks more than doubled. An attack that exploits a vulnerability in intelligent electronic devices (IEDs) like power distribution units, relays, and circuit breakers can turn off the lights in a neighborhood or an entire city. On the surface, it seems simple enough to remediate vulnerabilities as soon as they’re reported, for example by upgrading firmware. The truth is, detecting and remediating vulnerabilities in operational technology (OT) poses a supersized challenge for utilities.
Take CPFL Energia, a Brazilian utility with 10.3 million customers. CPFL wanted to boost the security posture at its 600+ distribution substations, where high-voltage electricity is transformed to lower voltage for distribution to homes and businesses. The roadblock? You can’t secure what you can’t see, and CPFL’s operations team was in the dark about exactly what IEDs were deployed in substations. Just setting foot in a substation in Brazil requires a lengthy approval process, so some substations hadn’t been visited for months. OT visibility became urgent in 2021, when national grid operator ONS required utilities to conduct a cybersecurity vulnerability assessment.
Operations and IT teams join forces
The utility’s operations team knew it didn’t have the cybersecurity know-how to assess and mitigate risk. The IT team had the cybersecurity know-how but didn’t understand the finer points of substation operations, like which industrial protocols could be blocked to shrink the attack surface. So operations and IT decided to team up, pooling their strengths. The IT team saw the OT security project as an opportunity to meet another longstanding goal: upgrading the aging switches at substations to take advantage of advances like Power over Ethernet (PoE) and management automation.
OT visibility and switching in one box, with Cisco industrial switches
CPFL achieved both goals, vulnerability assessment and network modernization, with one solution: Cisco industrial switches. Included on the switches is Cisco Cyber Vision, software that automatically identifies all industrial and IT assets connected to the network, along with their detailed characteristics and communication activities. The two-in-one solution is far simpler and less costly than CPFL’s other alternatives: buying a separate visibility appliance for each substation, or replicating network traffic to a control center with a centralized visibility appliance. Cisco’s industrial switches meet utilities’ stringent requirements, including the ability to withstand harsh environments, IEC 61850 certification to operate in high-voltage environments, and support for industrial protocols like DNP3 and Modbus TCP/IP.
Quick payoff: 20 malware infections discovered
Today every transmission and distribution substation has been upgraded to Cisco Catalyst IE3400 Rugged Series switches with built-in Cyber Vision. With a glance at the Cyber Vision console, CPFL’s operations team can view a detailed inventory of all connected IEDs and workstations, including their software vulnerabilities.
“Immediately Cyber Vision identified more than 20 instances of malware in the OT network, as well as many unneeded communication activities and protocols we could shut down to reduce the attack surface,” said Emerson Cardoso, CPFL’s chief information security officer. “We now have visibility into our critical grid network, the first step toward mitigating vulnerabilities and enhancing our security posture.”
Real-time alerts: the ones that count
CPFL’s security analysts now receive real-time alerts about critical events because CPFL integrated Cyber Vision with its security information and event management (SIEM) system. To avoid alert fatigue and make sure critical events are addressed quickly, the IT and OT teams worked together to define 20 types of security events that generate alerts. “Cyber Vision helped us overcome the challenge of integrating OT into our security operations center (SOC),” explains Cardoso. “Our security analysts now have visibility across both IT and OT to act on the alerts, manage risks, and implement security policies throughout our networks.”
While deploying the new Cisco industrial switches, CPFL also deployed Cisco Secure Firewalls to filter industrial network traffic between substations and control centers. This gave IT the ability to contain malicious activity and keep threats from spreading to the entire infrastructure if a breach occurs.
Award-winning project benefiting operations, IT, and customers
With its new Cisco industrial switches, Cyber Vision, and Cisco firewalls, CPFL solved several challenges that utilities have struggled with for years. Operations teams gained visibility into grid assets and complied with a new regulation for vulnerability assessment and risk management. IT modernized substation networks and can monitor and contain threats to transmission and distribution operations.
The Brazilian cybersecurity community has taken note, recognizing CPFL and Emerson Cardoso as National Security Leaders of 2023. The award calls out CPFL’s comprehensive approach to cybersecurity and effective collaboration between OT and IT. In Cardoso’s words, “Having strong cybersecurity protections not only helps mitigate risks and defend our staff, it also ensures we can better serve our customers.”