The SolarWinds cyberattack on the US government supply chain impacted 18,000 organisations in one swift attack and set a precedent for the type of threat we can expect against the power grid in the near future. Whilst it is thought that 50% of cyberattacks are currently aimed at the supply chain of a target organisation, this number is set to rise sharply in the year ahead.
The rapid deployment of IoT and IIoT across the grid, minimal security vetting of new and existing suppliers, and mounting geopolitical tensions worldwide are just some of the elements creating the perfect storm for more intensive, extensive and damaging nation state attacks via a rapidly expanding power grid supplier ecosystem.
So, what can power grid operators do today to secure their supply chains and avert attacks that are being planned by nation state actors and cybercriminals alike? It boils down to ‘visibility’ of all the elements of your own infrastructure as well as that of your supply chain. Just a few of the recommendations include: 1) regularly securing, patching and monitoring your network of IoT and IIoT devices; 2) overhauling your supplier assessment framework to place cybersecurity at the heart of it; 3) extending your cyber defence, detection, and response across your entire supplier ecosystem.
To assist in overhauling your supply chain security strategy, we are in the process of planning a Combatting Supply Chain Attacks webinar to take place at 16:00 CET on Wednesday 29th September 2021. Please mark your diary and we will keep you informed of programme developments and the registration procedure in due course.
Please enjoy this week’s selection of news, views and resources below, and feel free to share this newsletter with colleagues in other departments, and peers in other organisations.
News, Views & Resources
WHITE PAPER: Paul N Stockton. Securing the Grid from Supply Chain Attacks.
A supply chain attack is a powerful cyberattack that can breach even the most sophisticated security defences through legitimate third-party vendors. Because vendors need access to sensitive data in order to integrate with their customers’ internal systems, when they are compromised in a cyberattack, often their customers’ data is too. And because vendors store sensitive data for numerous customers, a single supply chain attack gives hackers access to the sensitive data of many organizations, across many industries.
To review the white paper, click here!
REPORT: Crowdstrike. Securing the Supply Chain.
The bulk power system (BPS) faces increasingly severe threats from China, Russia, and other potential adversaries. Executive Order (EO) 13920, Securing the United States Bulk-Power System, focuses on a threat of special significance for US security: the corruption of supply chains for BPS equipment, and the danger that adversaries will use compromised equipment to cut off the flow of power to Defense installations and other critical facilities. Countering this threat will require an innovative, comprehensive strategy to implement the EO.
To review the report, click here!
REPORT: Splunk. A Guide to Protecting Against Supply Chain Attacks.
A supply chain attack is a powerful cyberattack that can breach even the most sophisticated security defenses through legitimate third-party vendors. Because vendors need access to sensitive data in order to integrate with their customers’ internal systems, when they are compromised in a cyberattack, often their customers’ data is too. The SolarWinds attacks are just one example of why organizations must prioritize their security initiatives to detect and defend against these threats because it’s clear the likelihood of other large-scale attacks will only increase.
To review the report, click here!
PRESENTATION: Marthe Kassouf & Deepa Kundur. Understanding and Investigating Potential Supply Chain Attacks in IEC 61850 Substations.
This presentation was delivered at the Smart Grid Forums IEC 61850 Global 2020 conference. It addresses the evolution of cyberattacks against critical infrastructures, supply chain vulnerabilities and attacks, and IT/OT convergence-based cybersecurity enhancement, with a focus on real use-cases and practical recommendations.
To review the presentation, click here!
VIDEO: NCyTE Center. Introduction to Cyber Supply Chain Attacks and Risk Management.
In this introductory video, we define the term "supply chain," describe the supply chain problem, describe the phases or stages of the supply chain for a product, as well as provide two examples of cyber supply chain attacks. This series of videos is meant to provide an overview of applications of cybersecurity normally not discussed in information technology or cybersecurity courses.
To watch the video, click here!
CyberAware Webinar Series
Click here to watch the replay of the Navigating the Threat-Scape webinar
Click here to register for the Combatting Social Engineering webinar
Click here to register for the Combatting Ransomware Attacks webinar