Cyberattacks on electrical energy utilities are on the rise. From 2020 to 2022, weekly assaults greater than doubled. An assault that exploits a vulnerability in clever digital gadgets (IEDs) like energy distribution items, relay, and circuit breakers can flip off the lights in a neighborhood or complete metropolis. On the floor, it appears easy sufficient to remediate vulnerabilities as quickly as they’re reported—for instance, by upgrading firmware. Truth is, detecting and remediating vulnerabilities in operational know-how (OT) poses a supersized problem for utilities.
Take CPFL Energia, a Brazilian utility with 10.3 million prospects. CPFL needed to spice up the safety posture at its 600+ distribution substations, the place high-voltage electrical energy is remodeled to decrease voltage for distribution to houses and companies. The roadblock? You may’t safe what you’ll be able to’t see, and CPFL’s operations workforce was at midnight about precisely what IEDs have been deployed in substations. Simply setting foot in a substation in Brazil requires a prolonged approval course of, so some substations hadn’t been visited for months. OT visibility grew to become pressing In 2021, when nationwide grid operator ONS required utilities to conduct a cybersecurity vulnerability evaluation.
Operations and IT groups be a part of forces
The utility’s operations workforce knew it didn’t have cybersecurity know-how to evaluate and mitigate threat. The IT workforce had the cybersecurity know-how however didn’t perceive the finer factors of substation operations, like which industrial protocols could possibly be blocked to shrink the assault floor. So, operations and IT determined to workforce up, pooling their strengths. The IT workforce noticed the OT safety mission as a chance to fulfill one other longstanding objective—upgrading the ageing switches at substations to make the most of advances like energy over ethernet (PoE) and administration automation.
OT visibility and switching in a single field, with Cisco industrial switches
CPFL completed each targets—vulnerability evaluation and community modernization—with one answer, Cisco industrial switches. Included on the switches is Cisco Cyber Imaginative and prescient, a software program which routinely identifies all industrial and IT property linked to the community, together with detailed traits and communication actions. The 2-in-one answer is far easier and less expensive than CPFL’s different alternate options: shopping for separate visibility equipment for every substation or else replicating community visitors to a management middle with a centralized visibility equipment. Cisco’s industrial switches meet utilities’ stringent necessities, together with the power to face up to harsh environments, IEC 61850 certification to function in high-voltage environments, and help for industrial protocols like DNP3 and Modbus TCP/IP.
Quick payoff: 20 malware infections found
As we speak each transmission and distribution substation has been upgraded to Cisco Catalyst IE3400 Rugged Collection switches with built-in Cyber Imaginative and prescient. With a look on the Cyber Imaginative and prescient console, CPFL’s operations workforce can view an in depth stock of all linked IEDs and workstations, together with their software program vulnerabilities.
“Instantly Cyber Imaginative and prescient recognized greater than 20 circumstances of malware within the OT community, in addition to many unneeded communication actions and protocols we may shut down to scale back the assault floor,” stated Emerson Cardoso, CPFL’s chief info safety officer. “We now have visibility into our vital grid community, step one towards mitigating vulnerabilities and bettering our safety posture.”
Actual-time alerts: those that rely
CPFL’s safety analysts now obtain real-time alerts about vital occasions as a result of CPFL built-in Cyber Imaginative and prescient with its safety info and occasion administration (SIEM) system. To keep away from alert fatigue and ensure vital occasions are addressed shortly, the IT and OT groups labored collectively to outline 20 varieties of safety occasions that generate alerts. “Cyber Imaginative and prescient helped us overcome the problem of integrating OT into our safety operations middle (SOC),” explains Cardoso. “Our safety analysts now have visibility throughout each IT and OT to behave on the alerts, handle dangers, and implement safety insurance policies all through our networks.”
Whereas deploying the brand new Cisco industrial switches, CPFL additionally deployed Cisco Safe Firewalls to filter industrial community visitors between substations and management facilities. This gave IT the power to include malicious actions and keep away from threats to unfold to your entire infrastructure within the case a breach happens.
Award-winning mission benefiting operations, IT, and prospects
With its new Cisco industrial switches, Cyber Imaginative and prescient, and Cisco firewalls, CPFL solved a number of challenges that utilities have struggled with for years. Operations groups gained visibility into grid property and complied with a brand new regulation for vulnerability evaluation and threat administration. IT modernized substation networks and may monitor and include threats to transmission and distribution operations.
The Brazilian cybersecurity neighborhood has taken notice, recognizing CPFL and Emerson Cardoso as Nationwide Safety Leaders of 2023. The award calls out CPFL’s complete method to cybersecurity and efficient collaboration between OT and IT. In Cardoso’s phrases, “Having strong cybersecurity protections not solely helps mitigate dangers and shield our staff, it additionally ensures we will higher serve our prospects.”
Learn the total case research right here.
Study extra
Share:
