
The state of threats to electric entities: 4 key findings from the 2020 Dragos report

Introduction

In January 2020, industrial cybersecurity firm Dragos released the North American Electric Cyber Threat Perspective, referred to here as the Dragos report. The report summarizes findings about the threats and adversaries that focus on critical infrastructure. It is intended as a snapshot of the threat landscape as of January 2020, one that is expected to evolve over time.

This article will detail five key findings from the Dragos report: the vulnerability created by power outages, the threat of supply chain compromise, the solar generation utility communications outage in the United States, recommendations for asset owners and operators, and the relative position of the United States. We’ll take a closer look at the report and leave you with a more solid understanding of the industrial cybersecurity threat landscape.

1. Power outages as opportunities for adversaries

A vulnerability that electric entities face stems from the fact that planned outages and maintenance periods give adversaries opportunities to learn about the utility in preparation for a future disruption or attack. What they can learn includes the timing of planned outages, the utility’s operations and recovery procedures, and how the utility behaves during an outage, a period in which anomalous activity has a high likelihood of going undetected.

When natural disasters occur and the utility schedules a mass outage, this also provides opportunity for adversarial reconnaissance. 

The problem is that when outages occur, external entities are allowed into the operational environments of the electric entity to provide service. This gives them a prime opportunity to infect an operational technology (OT) environment, whether intentionally or unintentionally. For example, in 2018, Schneider Electric alerted customers to two possibly infected USB sticks that had been shipped to them. (No events caused by this were reported.)

2. Supply chain compromise and CIP-013

One of (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/8l6xKCYrbfA/