Thanks to all who participated in our Combatting Ransomware Attacks webinar earlier this week. In this month’s newsletter we summarise the highlights of the presentations and discussions, and provide links to the PowerPoint presentations and the webinar video replay below.
All things considered, it appears that ransomware attacks are rising sharply, and since the Colonial Pipeline event the power grid is becoming an increasingly attractive target to attackers. As a result, power grid Boards are now paying closer attention to how they can mitigate this risk, and Governments are taking more immediate action to mandate reporting and strengthen policy, ensuring that power grid operators are better protected from future attacks.
Our first speaker, Roya Gordon, Energy Cyber Threat Intelligence Manager at Accenture in the USA, laid out her analysis of the Colonial Pipeline attack and the implications for the power grid sector going forward. She explained that working from home (WFH) has massively expanded the attack surface and given attackers the opportunity to access corporate networks through VPNs and Remote Desktop Protocol. At the same time, cybercriminals have been re-organising and collaborating, enabling developers of ransomware tools to team up with unskilled affiliates and launch many more attacks than has ever been possible before. And with organisations delaying their patching programmes, demonstrating a willingness to pay the ransom through cyber insurance, and being reluctant to report and share incident data for fear of reputation damage, there is fertile ground for repeated attacks on the power grid unless we collectively find bolder approaches to combatting this threat.
Our second speaker, Alexander Harsch, Head of Cyber Resilience Department at German utility E.ON, shared how far up the Board’s agenda ransomware has climbed since the Colonial Pipeline event. He discussed the importance of incident sharing within a trusted network and the technical mitigation strategies that he is now recommending to his group of utilities, including robust network segmentation, reliable data backup approaches, and effective incident response and recovery, among other technical priorities.
Our third speaker, Emil Gurevitch, Chairman of the Security Committee at OSGP Alliance, addressed the importance of better risk management, more extensive cyber hygiene programmes, and more effective interworking of red and blue teams to monitor, deceive, and capture cybercriminals in the act.
Finally, an interactive Q&A session addressed issues such as: the rate at which the cybercriminal population is currently growing, for how much longer power grid operators can continue to separate their OT infrastructure from the web, what type of cyber hygiene methods will prevent future ransomware attacks, what role AI can play in threat prevention and detection, how widely deployed monitoring systems are in the power grid environment, what the implications of DER integration are for the power grid attack surface, and what resilience techniques have the potential to slow down, block, and identify cybercriminals who are targeting the power grid.
Please enjoy the PowerPoint presentations and webinar replay below, and feel free to share this newsletter with colleagues in other departments and peers in other organisations.
News, Views & Resources
PRESENTATION: Accenture. Factors Driving the Explosion of Ransomware Attacks Worldwide.
In this presentation, Roya Gordon, Cyber Threat Intelligence Manager at Accenture in the USA, addresses the factors driving the explosion of ransomware attacks worldwide and how these trends are likely to impact power grid operations in the next 2-3 years. Issues addressed include: Profiling Ransomware-as-a-Service offerings and understanding how this trend is paving the way for more ferocious and frequent ransomware attacks against more complex IT and OT converged environments. Reviewing the most recent and widespread ransomware attacks and determining lessons learnt that can be applied to the power grid. Predicting how next generation malware is likely to impact OT environments and what power grid cybersecurity leads must do now to get ahead of the threat.
PRESENTATION: E.ON. Robust Prevention, Detection and Response Strategies Against Ransomware Attacks.
In this presentation, Alexander Harsch, Head of Cyber Resilience Department of E.ON in Germany, addresses ways to develop a robust prevention, detection and response strategy against ransomware attacks in IT and OT converged smart utility environments. Issues addressed include: Leveraging advanced threat prevention techniques to build a multi-layered defence-in-depth technical strategy against ransomware attackers. Developing a highly reliable, tamper-proof data backup strategy to support business continuity in the event of a ransomware attack. Implementing a robust incident response strategy to support the attribution process with timely incident reporting.
PRESENTATION: OSGP Alliance. Technical Solutions to Guard Against Next Generation Ransomware Attacks.
In this presentation, Emil Gurevitch, Chairman of the Security Committee at OSGP Alliance, discusses the most effective technical solutions available to guard against next generation ransomware attacks against the power grid. Issues addressed include: Investing in an extensive social engineering awareness programme to build a robust human firewall against ransomware threats. Maximising the effectiveness of threat prevention and detection solutions. Guarding IT and OT converged environments from the threat of next generation ransomware attacks.
WEBINAR: SGF. Combatting Ransomware Attacks.
As cybercriminals shift their attention away from low-value ‘spray and pray’ targeting methods to higher-value ‘big game hunting’ approaches, power grid cybersecurity and engineering teams must prepare to fight a more ferocious and frequent cyber battle in the year ahead. In this 60-minute webinar, we explore how cybersecurity leaders can get on top of their cyber hygiene, implement a more reliable data backup strategy, develop a robust incident response procedure, refuse to pay the ransom, and pin their reputations to ‘fighting’ rather than ‘siding’ with cybercriminals, so that the power grid becomes unapproachable to thrill-seeking, havoc-wreaking, ROI-chasing cybercriminals!
To watch the replay, click here!
CyberAware Webinar Series
Click here to watch the replay of the Navigating the Threat-Scape webinar
Click here to watch the replay of the Combatting Social Engineering webinar
Click here to watch the replay of the Combatting Ransomware Attacks webinar