The energy and utilities sector plays a critical role in national infrastructure and with government warnings of state-sponsored attacks mounting over recent years, utilities cyber security has become crucial. It is not only a matter of preserving the bottom line and corporate reputation but also one of keeping the public safe from serious service disruption that could put lives at risk.
A category one (C1) attack on critical infrastructure is a matter of “when” not “if”, according to the National Cyber Security Centre (NCSC). Which is no surprise considering the Russian attacks on Ukrainian power stations in December 2015 and 2016, where hundreds of thousands of people were left without power for several hours. To prevent against this, European lawmakers have introduced the NIS Directive, designed to improve baseline security standards among utilities and other CNI sectors.
Going digital, staying secure
Digital transformation in the utilities sector - view our whitepaper to understand threats to the industry and how an easy-to-install solution can help
Utilities in the firing line
Attacks, like the ones in Ukraine, are focused on sabotaging key services. They could range from the technically complex, to the more simple delivery of ransomware, which has been effective in the past at causing mass disruption. The impact of such attacks could range from financial and reputational damage to putting lives at risk; for example if a power outage hits a hospital.
In the utilities market in particular, switching has never been easier thanks to online comparison sites and this makes the reputation damage caused by a breach even more significant. IBM claims churn is at an above average 3% following a breach, and PricewaterhouseCoopers says three in five business customers would switch utility provider if it suffered a breach. Indeed, the energy sector has one of the highest costs per breached record of any sector ($167), according to IBM.
To get back on the front foot, IT leaders need to realise that traditional tools like AV and firewalls aren’t enough to protect their business. Strategic cyber security demands a fresh look at DNS, and in particular, analytics tools that can be used to spot and block attacks early on.
Utilities cyber security threats
Are fears in the industry matched by investment and action? Find out in our infographic
Time for DNS-based security
Most IT teams may understandably pay little day-to-day attention to DNS. It’s vitally important to the business, providing the digital signage required to convert domain names to IP addresses so humans and machines can communicate with each other online. But beyond that, it’s left to its own devices, with firewalls set to whitelist this mission critical traffic.
However, its open design has created vulnerabilities which attackers are adept at exploiting. They hack DNS servers to direct users to phishing and malware sites and hide stolen data in DNS traffic to smuggle it out of breached organizations. DNS is also used by command and control (C2) servers to communicate with infected machines or to deploy malware. It is estimated that DNS plays a part in almost all cyber attacks at some stage.
Nominet’s NTX platform can spot single malicious packets hidden inside large quantities of legitimate enterprise data, enabling utilities IT teams to detect and disrupt attacks before they’ve had a chance to impact your organization.
DNS-based analytics offer a novel approach to a mounting challenge. Cyber threats loom large over the utilities sector, and the stakes for IT and society couldn’t be higher.