America’s energy sector—including the oil and gas and electric power generation and transmission industries—has long faced significant threats in the cyber arena. Four years ago, the Idaho National Lab for the U.S. Department of Energy reported that “threats from malicious cyber attacks on the North American electric grid continue to grow in frequency and sophistication.” In 2018, for example, the U.S. publicly accused Russia of conducting a two-year long coordinated campaign of cyber intrusions into the U.S. grid.
The report further noted that while “[t]here have been no reported targeted cyber attacks carried out against utilities in the U.S. that have resulted in permanent or long-term damage to power system operations thus far…electric utilities throughout the U.S. have seen a steady rise in cyber- and physical security-related events that continue to raise concern.”
And those threats remain just as significant today. In 2019, the Director of National Intelligence used five specific examples of how enemies might attack the U.S. in cyberspace to describe the nature of the overall cyber threat landscape facing the country, a majority of which dealt with cyber threats to the energy sector.
Specifically, the DNI noted that “China has the ability to launch cyber attacks that cause localized, temporary disruptive effects on critical infrastructure—such as disruption of a natural gas pipeline for days to weeks—in the United States.” The DNI also indicated that Russia is actively “mapping our critical infrastructure with the long-term goal of being able to cause substantial damage” and specifically “has the ability to execute cyber attacks in the United States that generate localized, temporary disruptive effects on critical infrastructure—such as disrupting an electrical distribution network for at least a few hours—similar to those demonstrated in Ukraine in 2015 and 2016.”
The DNI likewise noted of Iran that it is actively “preparing for cyber attacks against the United States and our allies” and is “capable of causing localized, temporary disruptive effects—such as disrupting a large company’s corporate networks for days to weeks—similar to its data deletion attacks against dozens of Saudi governmental and private-sector networks in late 2016 and early 2017.”
The bulk of the private sector attacks in Saudi Arabia during 2016-17 that the DNI analyzed were focused specifically on the energy industry.
Leaning in on energy sector cybersecurity
It is no surprise, then, that the U.S. energy sector leans forward when it comes to cyber defense. Tom Fanning, the CEO of Southern Company and a member of the Cyberspace Solarium Commission, has said publicly that “the battles of the future will be fought on our nation’s energy infrastructure, telecommunication networks, and financial systems” and that, as a result, “collaboration between the private sector and government in protecting our American way of life [becomes] that much more vital.”
We are bought into the vision of Collective Defense to better protect ourselves and our sector.
-Oil and gas sector CISO and IronNet customer
Indeed, the Cyberspace Solarium Commission recommended in its report that America adopt a “new social compact” for cyberspace, one built around the concept of Collective Defense in order to create to “truly shared situational awareness.” Specifically, the Solarium Commission recommended that the government establish a Joint Collaborative Environment, “to shar[e] and fus[e] threat information, insight, and other relevant data across the federal government and between the public and private sectors.” According the Solarium Commission, the joint collaborative threat environment would help address the fact that relevant “data or information is not routinely shared or cross-correlated at the speed and scale necessary for rapid detection and identification.”
The idea of Collective Defense as a core building block of national level cybersecurity—for critical infrastructure sectors and other key parts of an economy—is a concept that IronNet’s key leaders have championed since they left government.
And Collective Defense is at the heart of IronNet’s IronDome solution. IronDome is built around the idea of taking behavioral cyber threat intelligence and sharing it, in real-time, across multiple industry sectors and with the government to enable companies to work together and defend their enterprises collaboratively.
Increasing visibility through Collective Defense
This idea of exponentially increasing their visibility into the threat landscape is exactly why the chief information security officer of one of IronNet’s major U.S. energy sector customers noted that they were “fully bought into the vision of collective defense…[as a] vital goal for our sector and the nation.” Indeed, another major IronNet energy sector customer’s chief security officer said that his company’s “bet is on IronNet’s vision and team,” while yet another energy sector CISO asserted that “if anyone can develop a meaningful partnership and information exchange with the US Government, IronNet is best positioned to achieve it.” Likewise, the CISO of one of IronNet’s key customers in the oil and gas sector noted that his company had “bought into the vision of collective defense to better protect ourselves and our sector” and that IronNet’s work was “complementary” to their other efforts, including working with the industry ISAC.
As these threats mount—whether in the energy industry or others—IronNet continues to innovate by leading the Collective Defense movement. You can listen to Tom Wilson, CISO of Southern Company, for example, share his perspective on the biggest challenges the energy sector is facing, and how his organization is responding with a Collective Defense approach.
As Wilson explains,
Big companies like Southern Company have a large technical competency in the cyber area, but many smaller companies don’t. With a Collective Defense approach, we can help smaller companies benefit from a high volume of information sharing. And the large companies benefit because attacks can hit smaller companies, almost as a test run, before turning toward larger companies.
Securing the electricity ecosystem with a partnership model
An important facet of securing the grid is adopting a new way of thinking about securing the traditional utility supply chain. Across the electricity value chain, each partner is as critical to holistic security as the next. After all, cyber criminals are exploiting expanded and digital value chains holistically to circumvent the cyber defenses of traditional flagship companies. Accordingly, working in partnership is the only way to defend as a unified front against criminal groups and nation-state adversaries. Imagine how powerful the sector can become against nation-state adversaries if the entire ecosystem is working together in real time (with a voluntary communication channel to the federal government) to defend itself?
Collective Defense is now possible, allowing stakeholders across the value chain to work side by side — as partners — with large utility companies to secure the nation’s grid. Understanding the most common attacks will empower a proactive and collaborative defensive posture instead of a reactive one. You can learn more about this transformative approach in the “Building a secure utility ecosystem with NDR and Collective Defense” white paper.
*** This is a Security Bloggers Network syndicated blog from IronNet Blog authored by Jamil N. Jaffer. Read the original post at: https://www.ironnet.com/blog/the-case-for-collective-defense-in-the-u.s.-energy-sector