Description:

Electric utilities operate many communications networks that govern the actions of the physical devices needed to keep the grid operational. These communications networks exist on the Enterprise Information Technology (IT) side (the normal business practices of any company) and the Operational Technology (OT) side (operations). Both are important, primarily because most attacks originate on the Enterprise (IT) side, which contains networks directly connected to the Internet.

Attackers take the path of least resistance by entering via the Internet into an IT Network, then jumping to additional IT networks until they have secured enough information to jump to the OT side of the business that runs the grid. From there, they can repeat network-jumping until they have control over the equipment they wish to manipulate or damage.

Network segmentation divides the network architecture into logical, homogeneous networks with protection between them – generally firewalls. The separation of IT networks from OT assets is of critical importance because the OT assets run the grid.

IT/OT separation can be accomplished by an “air gap” (wherein the two sides are not physically connected), firewall(s), or a Unidirectional Security Gateway (sometimes called a Data Diode). All three approaches can be breached by sophisticated attackers. Firewalls are particularly problematic because they are pure software, and software contains vulnerabilities (sometimes called “Zero Days”) that can be exploited.

Although the initial focus of any segmentation effort is the IT/OT separation, segmentation within the overall IT and OT Networks is also highly advisable as a way to slow down an attacker. A network as a whole is only as secure as its least secure component. Publication of Best Practices in this area will provide direction on processes to identify networks that should be segmented and on how they should be secured to help deter or minimize attacker damage.
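
As an added illustration (not part of the original page), the following Python sketch audits a segmentation policy modeled as directed flows between zones. It lists every IT-to-OT crossing, every boundary with no control, and the shortest permitted path from the Internet to each OT zone. The zone names, the FLOWS table and the function names are constructed assumptions, and the check covers policy as configured, not vulnerabilities in the devices that enforce it.

```python
from collections import deque

# Constructed sample policy; zone names and flows are hypothetical.
# Each entry is (source zone, destination zone, control on that boundary).
FLOWS = [
    ("internet", "it_dmz", "firewall"),
    ("it_dmz", "it_corporate", "firewall"),
    ("it_corporate", "ot_engineering", "firewall"),   # IT -> OT crossing
    ("ot_engineering", "ot_control", "none"),         # flat OT, no control
    ("ot_control", "it_historian", "unidirectional_gateway"),  # OT -> IT only
]
OT_ZONES = {"ot_engineering", "ot_control"}


def paths_to_ot(flows, ot_zones, start="internet"):
    """Shortest permitted zone path from `start` to each reachable OT zone."""
    graph = {}
    for src, dst, _control in flows:
        graph.setdefault(src, []).append(dst)
    parent, queue = {start: None}, deque([start])
    while queue:                      # breadth-first search over directed flows
        zone = queue.popleft()
        for nxt in graph.get(zone, []):
            if nxt not in parent:
                parent[nxt] = zone
                queue.append(nxt)
    result = {}
    for zone in sorted(ot_zones & parent.keys()):
        path, cur = [], zone
        while cur is not None:        # walk back from the OT zone to `start`
            path.append(cur)
            cur = parent[cur]
        result[zone] = path[::-1]
    return result


def audit(flows, ot_zones):
    """Summarise IT->OT crossings, uncontrolled boundaries and exposed OT zones."""
    return {
        "it_to_ot": [(s, d) for s, d, _ in flows if s not in ot_zones and d in ot_zones],
        "uncontrolled": [(s, d) for s, d, c in flows if c == "none"],
        "exposed": paths_to_ot(flows, ot_zones),
    }


if __name__ == "__main__":
    for key, value in audit(FLOWS, OT_ZONES).items():
        print(key, value)
```

Because the unidirectional gateway is modeled as an OT-to-IT flow only, it adds no path toward OT; removing the single IT-to-OT firewall flow leaves the "exposed" result empty.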

Educational Institution Connections:

Protect Our Power has partnered with the University of Houston to develop vendor comparisons and guidance for this topic. Contact Erick Ford at EFord@ProtectOurPower.org for more information.