The New York Times recently reported that a cyberattack on a shared data network forced four US natural gas pipeline operators to temporarily shut down computer communications with customers. Oneok, Energy Transfer Partners, Boardwalk Pipeline Partners and Eastern Shore Natural Gas (a Chesapeake Utilities subsidiary) all reported communications system interruptions earlier this spring. While there was no confirmation as to whether customer data was stolen, this incident brought to light vulnerabilities within the US energy system.
This news follows a ruling issued on April 19 by the Federal Energy Regulatory Commission (FERC) requiring utilities to implement security controls on portable devices that interact with “low-impact” systems, or those that utilities deem less critical. FERC also ordered the revision of power reliability standards “to mitigate the risk of malicious code” stemming from these devices.
Meanwhile, the Department of Homeland Security warned that “Russian government hackers have their sights on U.S. energy firms”. The FERC’s tightening of security controls further down the grid is expected to have a significant impact on how large portions of this industry approach cybersecurity. The oil and natural gas industries are expected to be particularly impacted as the FERC’s ruling mandates additional cybersecurity compliance for less-critical substations and generators.
The law aims to address the security of IoT deployments of all size and scope, requiring each individual IoT sensor, control or device to be secure, rather than only securing the overall system. The number of IoT devices employed in the energy industry are numerous, including IP-enabled personal communication devices, sensors, laptops and surveillance and security cameras.
Many utility companies and energy firms may find it difficult to enact the new FERC security controls, particularly compared to the level of security they had to uphold in the past. There is also likely to be uncertainty among security professionals regarding the actual requirements of the law, and available options in terms of vendors and security products.
GoSilent extends security, privacy and control to end point devices through the means of a fast, inexpensive and highly flexible security solution. From laptops, sensors and surveillance cameras to power controls, GoSilent connects and secures any IP-enabled device from any location and provides out-of-the-box functionality including: mobile firewall, VPN and WiFi with an intrusion detection and prevention system capability. GoSilent requires only 5 milliamps of power to operate, and its functionality is packed into an aluminum casing that measures just 2×2 inches. GoSilent extends the peace of mind of your network endpoint without incurring the cost and infrastructure to skyrocket. To learn more about how GoSilent can help safeguard your organization’s intellectual property and mission-critical documents, download the GoSilent product overview and use studies.