Cyberattacks on electrical energy utilities are on the rise. From 2020 to 2022, weekly assaults greater than doubled. An assault that exploits a vulnerability in clever digital gadgets (IEDs) like energy distribution models, relay, and circuit breakers can flip off the lights in a neighborhood or whole metropolis. On the floor, it appears easy sufficient to remediate vulnerabilities as quickly as they’re reported—for instance, by upgrading firmware. Reality is, detecting and remediating vulnerabilities in operational expertise (OT) poses a supersized problem for utilities.
Take CPFL Energia, a Brazilian utility with 10.3 million clients. CPFL wished to spice up the safety posture at its 600+ distribution substations, the place high-voltage electrical energy is remodeled to decrease voltage for distribution to properties and companies. The roadblock? You may’t safe what you’ll be able to’t see, and CPFL’s operations staff was at nighttime about precisely what IEDs had been deployed in substations. Simply setting foot in a substation in Brazil requires a prolonged approval course of, so some substations hadn’t been visited for months. OT visibility grew to become pressing In 2021, when nationwide grid operator ONS required utilities to conduct a cybersecurity vulnerability evaluation.
Operations and IT groups be part of forces
The utility’s operations staff knew it didn’t have cybersecurity know-how to evaluate and mitigate threat. The IT staff had the cybersecurity know-how however didn’t perceive the finer factors of substation operations, like which industrial protocols may very well be blocked to shrink the assault floor. So, operations and IT determined to staff up, pooling their strengths. The IT staff noticed the OT safety mission as a chance to fulfill one other longstanding purpose—upgrading the getting old switches at substations to benefit from advances like energy over ethernet (PoE) and administration automation.
OT visibility and switching in a single field, with Cisco industrial switches
CPFL achieved each objectives—vulnerability evaluation and community modernization—with one resolution, Cisco industrial switches. Included on the switches is Cisco Cyber Imaginative and prescient, a software program which routinely identifies all industrial and IT property related to the community, together with detailed traits and communication actions. The 2-in-one resolution is far easier and more cost effective than CPFL’s different alternate options: shopping for separate visibility equipment for every substation or else replicating community site visitors to a management middle with a centralized visibility equipment. Cisco’s industrial switches meet utilities’ stringent necessities, together with the power to resist harsh environments, IEC 61850 certification to function in high-voltage environments, and assist for industrial protocols like DNP3 and Modbus TCP/IP.
Fast payoff: 20 malware infections found
As we speak each transmission and distribution substation has been upgraded to Cisco Catalyst IE3400 Rugged Sequence switches with built-in Cyber Imaginative and prescient. With a look on the Cyber Imaginative and prescient console, CPFL’s operations staff can view an in depth stock of all related IEDs and workstations, together with their software program vulnerabilities.
“Instantly Cyber Imaginative and prescient recognized greater than 20 circumstances of malware within the OT community, in addition to many unneeded communication actions and protocols we may shut down to scale back the assault floor,” stated Emerson Cardoso, CPFL’s chief data safety officer. “We now have visibility into our important grid community, step one towards mitigating vulnerabilities and enhancing our safety posture.”
Actual-time alerts: those that rely
CPFL’s safety analysts now obtain real-time alerts about important occasions as a result of CPFL built-in Cyber Imaginative and prescient with its safety data and occasion administration (SIEM) system. To keep away from alert fatigue and ensure important occasions are addressed rapidly, the IT and OT groups labored collectively to outline 20 sorts of safety occasions that generate alerts. “Cyber Imaginative and prescient helped us overcome the problem of integrating OT into our safety operations middle (SOC),” explains Cardoso. “Our safety analysts now have visibility throughout each IT and OT to behave on the alerts, handle dangers, and implement safety insurance policies all through our networks.”
Whereas deploying the brand new Cisco industrial switches, CPFL additionally deployed Cisco Safe Firewalls to filter industrial community site visitors between substations and management facilities. This gave IT the power to comprise malicious actions and keep away from threats to unfold to your complete infrastructure within the case a breach happens.
Award-winning mission benefiting operations, IT, and clients
With its new Cisco industrial switches, Cyber Imaginative and prescient, and Cisco firewalls, CPFL solved a number of challenges that utilities have struggled with for years. Operations groups gained visibility into grid property and complied with a brand new regulation for vulnerability evaluation and threat administration. IT modernized substation networks and might monitor and comprise threats to transmission and distribution operations.
The Brazilian cybersecurity neighborhood has taken be aware, recognizing CPFL and Emerson Cardoso as Nationwide Safety Leaders of 2023. The award calls out CPFL’s complete strategy to cybersecurity and efficient collaboration between OT and IT. In Cardoso’s phrases, “Having sturdy cybersecurity protections not solely helps mitigate dangers and shield our staff, it additionally ensures we will higher serve our clients.”
Learn the complete case research right here.
Be taught extra
Share:
