Infrastructure, specifically the utilities sector, must adopt a Zero Trust approach as ongoing cyberattacks by remote actors become more and more prevalent—threatening to disrupt everyday life. Credit: Thinkhubstudio Cyberattacks on utilities more than doubled from 2020 to 2022. It’s likely the case that the rapid growth of connected assets is outstripping security capabilities. One analyst firm predicts that by 2026, industrial organizations will have more than 15 billion new and legacy assets connected to the cloud, internet, and 5G. Security and IT leaders at utilities should consider a Zero Trust approach as they confront this threat. Zero Trust is a popular cybersecurity strategy that eradicates implicit trust and continuously validates every stage of a digital interaction. It’s a practical and helpful way to keep networks, assets, and remote operations secure. Three factors complicating utility cybersecurity Utility companies rely heavily on operational technology (OT) networks, which today contain many legacy devices that weren’t intended to be connected to the internet and so they weren’t built with security in mind. These are technologies that largely lie behind the scenes and go unpatched and non-updated. This can make securing utilities especially challenging. Another factor adding to the challenge is the rise of remote operations as it requires granting access to employees, vendors, and partners who may be accessing data, devices, and facilities from anywhere in the world. Many industrial control systems (ICS) and SCADA assets possess external connections. Some third-party vendors, for instance, remotely support, update, and maintain industrial equipment and systems. They can efficiently and effectively find and fix issues, which reduces downtime so that critical infrastructure can remain in continuous operation. Yet ironically, this activity also creates a security vulnerability. Creating a Zero Trust environment The Zero Trust model helps to create a full inventory of connected devices and informs security teams about any anomalous network behavior. This model makes it easier for Utilities to keep their remote workers secure across a broad swathe of functions and responsibilities. This is possible because Zero Trust provides a standardized framework for safeguarding the plethora of devices and sensors within and outside a plant. Three of the main Zero Trust principles that help utilities are: Begin with comprehensive visibility: You can’t protect what you can’t see. Get a comprehensive and accurate view of your OT threat surface for your organization. Implement least-privilege access control and segmentation: Partition your OT networks so that they are separated from the internet and corporate IT. Make sure every user has the least access possible to fulfill their job roles. Constantly verify trust and inspect security: Make sure your security system can continuously inspect all network traffic and verify the security of all users, OT assets, and applications. Improving remote operations with Zero Trust Utilities, which the federal government considers part of the nation’s critical infrastructure, must get these authentication, access, and connectivity issues solved. Attacks against these entities aren’t theoretical. Earlier this year, 22 energy firms were hacked in a coordinated effort against Denmark’s critical infrastructure. The attack was discovered quickly, without impact on customers, but it could have left more than 100,000 people in Denmark without power in a worst-case scenario. And similar types of attacks will continue to occur, making vigilance and secure remote access critical. With a thorough Zero Trust framework, utilities can better: Create secure remote work access – Both in-house and remote workers benefit from a Zero Trust approach, from design engineers to sales staff to business partners and other third parties. Contractors or other third parties could be using unmanaged devices, which makes this approach particularly important. Have dependable access and management – Across all cloud applications, OT, and IT, users only have to learn one interface, and network admins only have to manage one system. This approach minimizes potential loss of data and errors by limiting access to only what users need to do their jobs. Continuous inspection – A total Zero Trust framework not only controls access, but continuous and advanced security inspection allows legitimate traffic while foiling threats. Because Zero Trust helps lower the time related to buying, implementing, and operating a distributed remote access environment, this approach also benefits an organization’s bottom line. Making remote work in utilities secure As utilities manage an expanded network surface and more remote and hybrid employees, it’s becoming increasingly difficult for security and IT staff to address all the new challenges that these changes bring. The saying “trust, but verify” may have made sense before the age of computers, but not anymore. Today, organizations are better served by a new saying: trust nothing, verify everything. The critical infrastructure sector, of which utilities are a part, must adopt the Zero Trust approach as ongoing cyberattacks by remote threat actors – or innocent employee and partner mistakes – escalate the threat level. The journey of a thousand miles begins with a single step, and this journey towards Zero Trust can take some time, but it’s one that utilities must take. To learn more, visit us here. Related content brandpost Sponsored by Palo Alto Networks M&A action is gaining momentum, are your cloud security leaders prepared? Direct visibility is critical in M&A, and cloud-native application protection platforms (CNAPP) are ideal to provide this capability. By Amol Mathur, SVP & GM of Prisma Cloud, Palo Alto Networks Apr 25, 2024 4 mins Cloud Management brandpost Sponsored by Palo Alto Networks Web browsers: Reimagining remote work needs at the enterprise level What sets enterprise browsers apart? They are designed from the ground up as a security product with productivity in mind. Learn more today. By Ofer Ben-Noon, SASE CTO, Palo Alto Networks Apr 19, 2024 4 mins Cloud Computing brandpost Sponsored by Palo Alto Networks 3 business benefits of stronger security using Zero Trust principles Today’s security solutions can enable better, faster ROI. Read on to learn more. By Navneet Singh, Vice President of Marketing, Network Security, Palo Alto Networks Mar 06, 2024 6 mins Security brandpost Sponsored by Palo Alto Networks 3 data security disciplines to drive AI innovation If organizations do not have the appropriate security protections in place, they instantly become a prime target for cybercriminals. It’s time to confidently explore and innovate with AI without fear of compromising the organization as a whole. By Dan Benjamin, Sr. Director of Product Management, Palo Alto Networks Mar 01, 2024 4 mins Artificial Intelligence PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe