Cyberattacks on electrical energy utilities are on the rise. From 2020 to 2022, weekly assaults greater than doubled. An assault that exploits a vulnerability in clever digital units (IEDs) like energy distribution models, relay, and circuit breakers can flip off the lights in a neighborhood or whole metropolis. On the floor, it appears easy sufficient to remediate vulnerabilities as quickly as they’re reported—for instance, by upgrading firmware. Reality is, detecting and remediating vulnerabilities in operational expertise (OT) poses a supersized problem for utilities.

Take CPFL Energia, a Brazilian utility with 10.3 million clients. CPFL wished to spice up the safety posture at its 600+ distribution substations, the place high-voltage electrical energy is reworked to decrease voltage for distribution to houses and companies. The roadblock? You possibly can’t safe what you possibly can’t see, and CPFL’s operations staff was at midnight about precisely what IEDs had been deployed in substations. Simply setting foot in a substation in Brazil requires a prolonged approval course of, so some substations hadn’t been visited for months. OT visibility grew to become pressing In 2021, when nationwide grid operator ONS required utilities to conduct a cybersecurity vulnerability evaluation.

Operations and IT groups be a part of forces

The utility’s operations staff knew it didn’t have cybersecurity know-how to evaluate and mitigate danger. The IT staff had the cybersecurity know-how however didn’t perceive the finer factors of substation operations, like which industrial protocols might be blocked to shrink the assault floor. So, operations and IT determined to staff up, pooling their strengths. The IT staff noticed the OT safety challenge as a chance to fulfill one other longstanding aim—upgrading the getting older switches at substations to reap the benefits of advances like energy over ethernet (PoE) and administration automation.

OT visibility and switching in a single field, with Cisco industrial switches

CPFL achieved each objectives—vulnerability evaluation and community modernization—with one resolution, Cisco industrial switches. Included on the switches is Cisco Cyber Imaginative and prescient, a software program which robotically identifies all industrial and IT property related to the community, together with detailed traits and communication actions. The 2-in-one resolution is way less complicated and more cost effective than CPFL’s different alternate options: shopping for separate visibility equipment for every substation or else replicating community visitors to a management middle with a centralized visibility equipment. Cisco’s industrial switches meet utilities’ stringent necessities, together with the power to face up to harsh environments, IEC 61850 certification to function in high-voltage environments, and help for industrial protocols like DNP3 and Modbus TCP/IP.

Quick payoff: 20 malware infections found

At present each transmission and distribution substation has been upgraded to Cisco Catalyst IE3400 Rugged Sequence switches with built-in Cyber Imaginative and prescient. With a look on the Cyber Imaginative and prescient console, CPFL’s operations staff can view an in depth stock of all related IEDs and workstations, together with their software program vulnerabilities.

“Straight away Cyber Imaginative and prescient recognized greater than 20 circumstances of malware within the OT community, in addition to many unneeded communication actions and protocols we might shut down to scale back the assault floor,” mentioned Emerson Cardoso, CPFL’s chief info safety officer. “We now have visibility into our vital grid community, step one towards mitigating vulnerabilities and bettering our safety posture.”

Actual-time alerts: those that rely

CPFL’s safety analysts now obtain real-time alerts about vital occasions as a result of CPFL built-in Cyber Imaginative and prescient with its safety info and occasion administration (SIEM) system. To keep away from alert fatigue and ensure vital occasions are addressed shortly, the IT and OT groups labored collectively to outline 20 sorts of safety occasions that generate alerts. “Cyber Imaginative and prescient helped us overcome the problem of integrating OT into our safety operations middle (SOC),” explains Cardoso. “Our safety analysts now have visibility throughout each IT and OT to behave on the alerts, handle dangers, and implement safety insurance policies all through our networks.”

Whereas deploying the brand new Cisco industrial switches, CPFL additionally deployed Cisco Safe Firewalls to filter industrial community visitors between substations and management facilities. This gave IT the power to comprise malicious actions and keep away from threats to unfold to the complete infrastructure within the case a breach happens.

Award-winning challenge benefiting operations, IT, and clients

With its new Cisco industrial switches, Cyber Imaginative and prescient, and Cisco firewalls, CPFL solved a number of challenges that utilities have struggled with for years. Operations groups gained visibility into grid property and complied with a brand new regulation for vulnerability evaluation and danger administration. IT modernized substation networks and might monitor and comprise threats to transmission and distribution operations.

The Brazilian cybersecurity group has taken word, recognizing CPFL and Emerson Cardoso as Nationwide Safety Leaders of 2023. The award calls out CPFL’s complete method to cybersecurity and efficient collaboration between OT and IT. In Cardoso’s phrases, “Having strong cybersecurity protections not solely helps mitigate dangers and shield our staff, it additionally ensures we will higher serve our clients.”

Learn the complete case research right here.

Study extra

Share: