- The North American Electric Reliability Corporation (NERC) has partnered with cybersecurity company Dragos on a collective defense initiative designed to help secure utilities' operational technology (OT) environments.
- Electric companies will be able to install Dragos sensors on their OT networks, which will feed into the company's "Neighborhood Keeper" system. NERC's Electricity Information Sharing and Analysis Center (E-ISAC) will have access to aggregated, anonymized data shared through the platform, and that information can then be passed to utilities to address threats and attacks.
- "We are trying to get more visibility ... to understand the threats, techniques and tactics we're seeing, and then to develop a playbook to shut the door on these threats," said NERC Senior Vice President Manny Cancel, who also heads up E-ISAC.
The utility sector's use of Neighborhood Keeper is an effort to secure the industrial control systems and operational environments that hackers are increasingly targeting.
"The electric community is keenly aware of the kind of cyber threats they face but to date has had to defend against those threats in isolation," Dragos CEO and co-founder Robert Lee said in a statement.
As threats have become more sophisticated, enabled by nation-state actors and criminal ransomware groups, experts say there are growing concerns that electric utilities may not have resources to keep pace. And the variety of attacks highlights the difficulty in securing their systems.
In May, Colonial Pipeline was shut down after hackers encrypted company systems in a ransomware attack. That followed the unprecedented SolarWinds hack, which NERC said left a quarter of electric utilities exposed. More recently, renewables developer Invenergy said it was targeted by a ransomware attack but that its systems were not encrypted. And Puerto Rico's utility, Luma, was hit by a denial of service attack.
"The fact is that organizations need to protect themselves from various classes of attacks through different access points and systems," said Gary Kinghorn, senior director of marketing and alliances at Tempered Networks. The federal government, under President Joe Biden, "is throwing money at energy utilities to shore up their cyberdefenses," he said.
Secretary of Energy Jennifer Granholm on Tuesday told the U.S. Senate Committee on Energy and Natural Resources there is an "urgent need for greater investment in cybersecurity."
The U.S. Department of Energy is "actively engaged with the private sector around strategies for hardening the critical infrastructure against these evolving 21st century threats," she said.
Neighborhood Keeper was originally developed in partnership with DOE, and Dragos says its customers will benefit from the partnership through access to a larger pool of E-ISAC cyber security experts "trained to analyze and provide feedback on threats and vulnerabilities, and collectively influence detection capabilities."
Defending against state and criminal actors "is entirely doable when the community operates as a collective and ensures that an attack on one member is seen by all of us," Lee said. Ultimately, the goal is to have 80-85% of U.S. customers covered by the Neighborhood Keeper system. Reaching that level of penetration, however, will require more than just investor-owned utilities.
"The E-ISAC's role is essentially to be a clearing house for security information," said Cancel. "We want this thing to help protect the entire sector," he added, which means municipal and public power utilities will need to be involved also.
Utilities will install passive sensors in OT environments that examine network traffic for threats and unusual activity. While the cost is not yet clear, Cancel said it will not be expensive relative to other security investments utilities are making. One of the goals with the program is to "establish near real-time situational awareness," including indications, warnings, and response capabilities across the power sector's OT equipment, he said.
"As you add more sensors you are getting more intelligence about what's going on in these environments," said Cancel. The E-ISAC will share that anonymized data with utilities regardless of whether or not they have Dragos sensors installed, he said.