Most attacks penetrate through the information technology (IT) side of a utility or supplier, with attackers then learning enough to bridge to the operational technology (OT) side, directly affecting utility assets. In most situations, these networks are not actively monitored today, or are not monitored with software sophisticated and intelligent enough to defeat the attackers.

A notable difference of networks and devices on the IT/Enterprise side of the business is that they follow standards², which makes them relatively easy to monitor and amenable to more advanced monitoring and control because their communication protocols are standardized. Still, because attacker sophistication is steadily increasing, and the IT/Enterprise side of the business remains the preferred attacker entry point because it is relatively easy to penetrate, greater and more sophisticated monitoring is needed. Vendors providing solutions in this space are proliferating and offering various methods to stop attacks. Utilities will benefit from an unbiased analysis and publication of Best Practices in this topic area, and from a continuing cyclical review as vendors come and go.

1 Operations where something less than “every minute of every day” uptime is acceptable.
2 While this has been true of Information Technology products and services in the past, the present exponential proliferation of IoT devices is problematic, because following any standards competes with winning the lowest-cost battle in the marketplace.

Educational Institution Connections:

Protect Our Power has partnered with University of North Carolina – Charlotte to develop vendor comparisons and guidance for this Topic. Contact Erick Ford at for more information.