Do you have gaps in your cyber security?

Utilities are frequently spread too thin to cover their security gaps.

Know your users, know your data

With cyber attacks rising from inside organizations, take action and secure your most valuable assets.

Top 10 considerations for your grid

Understand these 10 high-impact, energy and infrastructure security considerations.

The unrelenting high cost of a data breach

The Ponemon Institute’s 2017 Cost of a Data Breach study

Defend against a malware meltdown

Discover why protecting your nuclear power system is as vital as securing your grid.

Explore the catalog of IBM Security solutions

Learn more about IBM® QRadar®, IBM BigFix® and IBM Watson® for Cyber Security in IBM Marketplace.

10 grid security considerations for utilities

Renewables— the big green elephant:
What's your plan for green energy? Integrating renewable energy into the electrical grid requires better distributed sensing and computing, precision 4D weather prediction and more. This alone is cause for additional grid security concern, because the attack profile will grow larger, be more distributed and be less under the utility’s direct control.

Network security:
Utility networks typically have many soft targets requiring authentication and application security. Think about network security as a set of locks and alarms rather than a gateway.

Regulations and compliance:
Utilities have always operated in partnership with state, local and national government, with strong regulatory and compliance mandates. Expect increasing cyber security requirements in partnership with regulators—and stay on top of them.

IoT: Internet of Trust?
The smart grid is built on the Internet of Things (IoT)—sensors throughout the grid. The problem? Those sensors are potential attack vectors. And the more sensors you have, the more sensors you need to trust. New approaches like trust brokers might be required as utilities incorporate sensors and data from outside their traditional SCADA systems.

"You shall not pass.":
Utilities and their critical infrastructure require an identity and access management architecture that moves beyond simple passwords. Truly effective security requires password expiration, integrated revocation, logon event alerts and, for extreme sectors such as nuclear, physical tokens. And coming soon? Blockchain for added verification and security.

Smart, smarter, smartest—surprised:
As utilities deploy multiple smarter systems, coordination between these systems becomes critical for risk management and security. Uncoordinated intelligent systems can do things that are locally correct but contribute to a system-wide failure. Examine all your systems with an integrated perspective so you're not surprised with bad news.

Pulverized programming:
With so many APIs and cloud services being deployed by utilities, IT professionals need to carefully scrutinize the security posture of the software and cloud services being used. Consider the layers of internet isolation and obfuscation in cloud internal networks, look at infrastructure-as-a-service (IaaS) and hybrid cloud, investigate internal managed security services (MSS) and think of cloud resiliency as a reduction of cyberthreats.

Physical grid security:
Cybersecurity is cool, but physical security remains key in an asset-intensive industry like energy and utilities. Think about how to supplement your physical security staff and procedures with cognitive computing’s visual recognition capabilities.

Accountability:
Keep in mind the dynamic nature of your utility's supply chain. Threats change. And responses should be re-evaluated often so that each department—IT, security, purchasing—understands who's responsible for what. In other words, regularly review all those accountable for maintaining the trust chain for your utility.

Big, bad data:
More sensor data is good—unless it is attacked between the field and the analytics. Bad data influencing operator actions on critical systems can also cause problems. For sensor data, improved algorithms and analytics can help with detection. Think of security as another dimension of the asset. And better training, combined with error-detection tools for code development, can help keep your risk profile low.

Speak with an IBM Energy and Utilities expert