It’s official, supply chain attacks are on the rise and the power grid is a prime target. And it is no longer just your software and hardware suppliers that are being used as doorways into the grid. There is increasing evidence that service providers such as accountancy firms, legal firms, cloud providers, outsourced IT providers, security and SOC providers among others, are at equal risk of being used by bad actors to gain a foothold into the grid and deliver exploits that can turn out the lights and do serious damage to our economy.
During our September 2021 CyberAware webinar Combatting Supply Chain Attacks which took place earlier this week, speakers from Accenture, Nozomi Networks and the FBI brought us up to speed on the rate at which supply chain attacks are now taking place within the power grid environment and provided crucial advice and guidance on what more your security and procurement teams can do to drive higher levels of security through your supplier ecosystem. The programme also addressed how the entire power grid ecosystem can work more collaboratively with law enforcement to report suspected breaches as early on in the process as possible, and even in the absence of forensics, so that suspicion can be turned into investigation, and result in the aversion of incidents that could otherwise cause serious harm to our societies and economies.
With a host of industry standards, supplier management frameworks, technical solutions, and legal advice now available to help power grid operators fully secure their supply chains and protect the grid from bad actors, what really needs to be worked on is the partnership between the power grid and law enforcement agencies.
When incident response, recovery and reporting become more fully supported by law enforcement, and when grid operators shift their perspective of early incident reporting from reputation damage to reputation enhancement, when we put the interests of wider society above the interests of our individual organisations, we will begin to build a supply chain firewall that will be impenetrable by bad actors of all shapes, sizes and flavours.
As with any form of criminal activity, silence on the part of the victim is unfortunately compliance, and the fertile ground that breeds repeated and increasingly damaging attacks. In the current media climate where hackers are glorified and celebrated and victims are harshly judged and reprimanded, there is something seriously wrong with our societal systems, our organisational cultures, and our individual mindsets and moral codes, that needs much attention and re-wiring!
Isn’t it time we changed the narrative and balanced our technical efforts with our corporate social responsibility to report with more frequency and commitment? In the power grid environment where we have a duty to keep the lights on, it should never be too early to report, and never more reputation enhancing than when alerting our supplier ecosystem, our partners in law enforcement, and our would-be advocates in the media, to the possibility of societally damaging cyberattacks on the horizon.
Please enjoy the webinar replay, PowerPoint presentations and market reports linked below, and feel free to share this newsletter with colleagues in other departments, and peers in other organisations.
News, Views & Resources
REPORT: ENISA. Threat Landscape for Supply Chain Attacks.
The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe. This report aims at mapping and studying the supply chain attacks that were discovered from January 2020 to early July 2021. Based on the trends and patterns observed, supply chain attacks increased in number and sophistication in the year 2020 and this trend is continuing in 2021, posing an increasing risk for organizations. It is estimated that there will be four times more supply chain attacks in 2021 than in 2020. With half of the attacks being attributed to Advanced Persistent Threat (APT) actors, their complexity and resources greatly exceed the more common non-targeted attacks, and, therefore, there is an increasing need for new protective methods that incorporate suppliers in order to guarantee that organizations remain secure.
To read the report, click here!
PRESENTATION: Accenture. Building a Cyber Supply Chain Risk Management Framework.
In this presentation Pedro Fernandes of Accenture addresses the topic of: Developing a framework to effectively enforce end-to-end supply chain cybersecurity within the power grid environment. Issues addressed include: Leveraging the latest standards to ensure full supply chain cybersecurity compliance with regulatory demands. Re-organising and interworking internal departments and systems to ensure effective alignment with best practice in supply chain cybersecurity policies and procedures as the supply chain attack threat intensifies. Enforcing tougher cybersecurity standards compliance and 3rd party testing across your supplier ecosystem.
PRESENTATION: Nozomi Networks. OT and IoT Security and Visibility for Substations and Power Grids.
In this presentation Julian McMenamin addresses the topic of: Ensuring high levels of security and privacy for remote supplier access to your IT and OT infrastructure. Issues addressed include: Applying advanced threat modelling techniques to develop a supply chain security framework that effectively mitigates the risk of supply chain attacks in the most complex supplier ecosystems. Implementing state of the art network segmentation and intrusion monitoring approaches to prevent the lateral movement of attackers and contain their harmful effects once within defender networks. Compounding the power of intrusion monitoring through the application of AI&ML solutions.
PRESENTATION: FBI. What to Expect When Working With the FBI.
In this presentation David Eisenreich addresses the topic of: Working in partnership with law enforcement to establish a robust incident response, recovery and reporting framework, effectively contribute to the intelligence pool, and support the attribution process. Issues addressed include: Evaluating lessons learnt from incident response, recovery and reporting experiences relating to recent supply chain attacks in the energy sector. Establishing an incident response framework that enables you to speed up recovery without damaging forensic evidence required to support the attribution process. Working in partnership with law enforcement to get ahead and stay ahead of the bad actors.
WEBINAR: Smart Grid Forums. Combatting Supply Chain Attacks
In this 60-min webinar we uncover the latest trends in supply chain attacks and determine how these are likely to evolve in the next 2-3 years. We assess the current cybersecurity priorities of leading power grid operators and where supply chain cybersecurity must be positioned. We identify the regulatory, technological, policy, process and people issues that must be addressed to effectively enforce end-to-end supply chain security. And we address the incident response, recovery and reporting strategies that will ensure grid operators partner effectively with law enforcement to get ahead and stay ahead of the bad actors.
To watch the webinar replay, click here!
CyberAware Webinar Series
Click here to watch the replay of the Navigating the Threat-Scape webinar
Click here to watch the replay of the Combatting Social Engineering webinar
Click here to watch the replay of the Combatting Ransomware Attacks webinar
Click here to watch the replay of the Combatting Supply Chain Attacks webinar