Adrian Crawley, the regional director of Northern EMEA for Radware, continues his blog on the challenges facing utilities providers as they embrace and integrate with IoT.
Many organisations are working towards changing their supplier contracts to include security requirements and moving the debate to more of a shared responsibility. In fact, many companies are taking this approach now regardless of the type of service the supplier is offering. Too many brands have either witnessed or experienced the consequences of being a cyber-domino whereby the poor security measures of one company bring down the networks of another.
In a world where applications will rule, this approach will be imperative. Many application developers take security seriously and the various protocols that have been established for IoT are being scrutinised by some, with some developers working to go beyond standards and set new ones. This helps to achieve two things: ensure the application layer has inherent security minimising the risk as technologies are adopted, and secondly, helps to engender best practice and set industry standards that have trust at their heart.
Of course, the onus can’t all be on the application developers or manufacturers. Indeed, the data links need to be secure and able to withstand very frequent uploads of meter readings so carriers are considering dedicated protected networks so support IoT.
And of course, the utility needs to step up security too. When you consider that in 2015 intensive automated attacks on a network were up from 16% to 27%, security measures need to be reviewed continuously. These burst bot attacks have lead the security industry to coin the phrase the ‘internet of zombies’, a term that sums up how little human interaction is involved in unleashing an attack these days. Instead attacks are run by robots and can be set to attack for days even months at a time.
Strategic reviews
It’s prompting many companies to rethink their security strategy and move people away from the front line and replace them with a cyber army of their own – an automated attack detection and mitigation defence. Of course, these people are not redundant. Far from it. Instead they are being used to think through the security policies that come from making strategic operational changes, such as introducing more things to the network.
Business continuity is a fundamental a part of this planning exercise, heightened by the geo-political landscape that comes from the energy markets and the spate of state sponsored attacks in regions like Brazil, Philippines and Ukraine. Almost 37% of utilities think state sponsored attacks are likely this year, and 50% think they will be the victim of a politically motivated hacktivist group.
Managing trends
There’s also a growing appreciation that new trends need to be managed carefully. 59% of suppliers think the most likely form of attack on their infrastructure will come from professional gangs motivated by ransom.
Ransomware took off in 2015 and it’s predicted to be the fastest growing form of attack in 2016. On average businesses are seeing three to four attempts a week and it calls for vigilance at the network level, supplier co-operation on detection, and employee awareness.
That’s just three ways that utilities are tackling the integration of IoT and the summary does not do the complexity justice. However, they do emphasise that securing consumer trust is multi-faceted and without an approach that includes collaboration and new approaches to security management, few will succeed in their quest to create more efficient, differentiated businesses.