Protecting our electric grid from the growing number of cyberthreats is critical to keep society functioning. Most utility industrial control systems (ICS) were originally designed using local area networks (LANs) that weren’t connected to any Internet-facing devices. Although this didn't guarantee complete security, it did create an “air gap” by physically separating the devices from other Internet-connected devices. Now, the demand for increased efficiency and remote monitoring capabilities has required these once-isolated networks to be integrated with other Internet-facing networks. These new smart grid technologies expose these networks to a growing number of malicious actors targeting ICS for financial gain or nation-state objectives.
Two of the most difficult challenges associated with securing utility ICS networks, and complying with NERC CIP, are maintaining an accurate, up-to-date asset inventory list and performing security monitoring of grid-edge devices. These capabilities are fundamental to help ensure the overall security, safety and reliability of the grid, and also to avoid regulatory fines. Asset inventory is something that both information technology (IT) and operational technology (OT) professionals in the utility industry can agree is not an easy task. Historically, it has been very costly, time-consuming and labor-intensive, often requiring multiple physical site visits. However, keeping an accurate asset inventory is critical because without knowing what you must secure, all future threat modeling activities, cybersecurity strategy development, and remediation activities may be incomplete or ineffective.
Fortunately, advancements in network security monitoring and protocol deep packet inspection now allow asset owners to non-intrusively obtain real-time asset inventory information from devices communicating over serial or TCP/IP-based communication channels by utilizing the built-in capabilities of grid-edge devices. Not only does this added level of visibility help provide an accurate and up-to-date asset inventory, but the continuous monitoring behind it also detects both cybersecurity and operational risks. Implementing a non-intrusive OT network monitoring solution, such as Forescout’s SilentDefense, can help utility asset owners maintain an accurate asset inventory list in real time and stay compliant with NERC CIP, while also protecting the grid’s edge from cyberthreats.
To learn more about how SilentDefense can help you leverage existing network infrastructure and investments to gain more efficient operations, simplified compliance, and cybersecurity benefits, visit us at booth #4049 next week during DistribuTECH and look out for our upcoming blog series on how Forescout can help you stay compliant with NERC CIP.