IT Vortex - Managed IT Services

Securing OT in the Energy and Utilities Sector

August 15, 2019 by Rick Peters – Operational Technology Global Enablement Director, Fortinet

As infrastructures for energy and utility companies undergo digital transformation, they are increasingly vulnerable to cybercriminals. Convergence-enabled cyberattacks—where criminals exploit traditionally isolated operational technology (OT) devices through their new connections to the IT network—may be motivated by the desire to hijack and demand ransom for services, steal trade secrets through industrial or national cyberespionage, or commit cyberterrorism or engage in cyberwarfare.

Fortinet Operational Technology Global Enablement Director Rick Peters

In September 2018, the U.S. Congressional Research Service reported on the cyber threat to the energy and utility sector, identifying specific vulnerabilities. Risks include vulnerabilities in Industrial Control System (ICS) networks, malware, the IoT, supply chain risk and human risks, such as falling for phishing attacks. Several strategies can address these risks:

Start with zero trust. Investigate and qualify every device and user to determine what resources they have access to, what privileges they enjoy and what harm they could cause if their access was compromised.

Implement segmentation. Zero-trust architectures start by assuming that a user, device, or process has already been compromised. Zero-trust policies start with device, user and application segmentation to limit the impact of a breach.

Deploy security for ICS/SCADA. Identify and deploy security tools with specific ICS/SCADA-aware functionality, support common ICS/SCADA protocols and provide additional vulnerability protection for major ICS manufacturers. In addition, deploy industrial-grade, compliance-ready (IEC61850 EMI, Thermal and Vibration standards) security tools designed for the harshest environmental conditions.

Execute business analytics. Achieving visibility through earned trust and control via segmentation are solid first steps. The next step of detecting and neutralizing any malicious or unknown event requires threat analysis at speed. This starts with a proactive posture that enables detection, quarantine and detonation, combined with real-time cyber intelligence reporting and advanced behavioral analytics, to find and defuse an attack before it can impact live operations. Your operations must be able to outmaneuver any cyber adversary via a continuous trust assessment that employs at-speed analytics.

New vulnerabilities will emerge. The rapid expansion of the attack surface due to IT/OT convergence has attracted cyber adversaries to the energy and utilities sector. Complicating matters further, OT environments are especially difficult to defend against cyberattacks due to the vulnerability and fragility of systems in place, and the common use of implicit trust models.

These trusted systems can extend from upstream (exploration) to midstream (transportation and storage) to downstream (refining and distribution) OT infrastructures. The risks to utility networks range from regulated power generation to transmission to retail electricity distribution.

Clearly, a new OT security strategy is needed. Zero trust, segmentation, purpose-built solutions and a clear understanding of the scope of the challenge are the building blocks your organization needs to proactively outmaneuver cybersecurity adversaries and to ultimately sustain a proactive defense for highly valued OT system assets.

About the author: Rick Peters has three decades of cybersecurity experience working across foreign, domestic, and commercial industry sectors at the National Security Agency (NSA). Fortinet, Sunnyvale, Calif., delivers integration security solutions for global enterprise, mid-size, and small businesses.

Share this post

questions about our services?

Request a free consultation. Fill out the form and we will call you to answer all your questions



Tech Tips, Cyber Threat Mitigation, Cutting Edge Technology, Cost Savings and More!



 

IT Vortex, LLC is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. You will consent to us contacting you for this purpose, by submitting the form.

Apply for this position

Fill out the form below and our hiring team will reach out to you as soon as possible



zoom-logo

We use Zoom extensively to meet internally and externally. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

wasabi logo

Wasabi is offered in our Cloud Hosting Platform. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

vmware logo

Our Datacenter is built on a VMWare architecture. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation. 

veeam green logo

Veeam is offered in our Cloud Hosting Platform. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

Trend Micro Logo
Solarwinds Logo

Solarwinds is offered in our Cloud Hosting Platform. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

Proofpoint essentials Logo

Fortinet is offered in our Cloud Hosting Platform. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

observe IT Logo

ObserveIT/Fortinet is offered in our Cloud Hosting Platform. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

NEAT Logo

We use NEAT extensively in our offices. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

mitel logo

Our telephone platform of choice. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

microsoft logo

Various Microsoft technologies are offered in our Cloud Hosting Platform. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation. 

ingram micro cloud logo

Our distribution preferred partner for our technology offerings.

Fortinet logo

Fortinet is offered in our Cloud Hosting Platform? We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

DTEN logo

We use DTEN extensively in our offices. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

Dropbox logo

We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

Dell logo

Dell servers are a key component offered in our Cloud Hosting Platform. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

Condusiv Technologies logo

Condusiv Technology is offered in our Cloud Hosting Platform? We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

Cisco logo

Cisco Technology is offered in our Cloud Hosting Platform via DUO for MFA. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

Barracuda Logo

Barracuda Technology is offered in our Cloud Hosting Platform. We are Certified Reseller, we have Certified Implementation Experts on staff, we provide architecture advisory services for a robust implementation.

Amazon_Web_Services_Logo

IT Vortex partners with AWS via VMware for the VMware on AWS offering that allows for cloud services fulfillment via AWS utilizing the same VMware products many companies already enjoy the benefits from.

ACTI Logo

Technology Reseller and Distributor, Certified Implementation Expertise with all ACTi products and services. IT Vortex has worked with ACTi for over a decade implementing security camera solutions for a multitude of industries with AI, Facial Recognition, License Plate Recognition, Loitering Detection, Cloud storage, and more.

questions about our services?

Request a free consultation. Fill out the form and we will call you to answer all your questions



microsoft logo

Name of the partner

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Ut enim ad minim veniam, quis nostrud exercitation ullamco. Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Ut enim ad minim veniam, quis nostrud exercitation ullamco Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Ut enim ad minim veniam, quis nostrud exercitation ullamco. Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Ut enim ad minim veniam, quis nostrud exercitation ullamco

Security as a Service (SECaaS) by IT Vortex

Pricing Calculator

Choose a service, answer a few simple questions, and receive an individual quote for our services

User count by type

Fill out the form and we will call you to answer all your questions