In the US, the Cybersecurity & Infrastructure Security Agency (CISA) has identified 16 critical infrastructure sectors ranging from Food and Agriculture to Manufacturing, Communications, Public Health, Transportation, and Energy & Utilities. These sectors are so vital that any incapacitation or destruction would have a debilitating effect on the nation’s stability. Among these sectors, the Energy & Utilities sector stands out for its foundational role in supporting all the others.  A reliable energy supply is crucial for economic growth, public health, and national welfare. Witho…

Utility security professionals know it takes a multilayered approach to have effective security. What might not be known is just how multilayered the financial impact of false alarms can be to a utility. We sat down with Yaron Zussman from Magos to talk about the bottom-line costs of false alarms and what your organization can do to ensure they are minimized.   Utility Security: What are the biggest challenges utilities face when it comes to implementing a perimeter security strategy that minimizes false alarms? Yaron Zussman: One challenge I often see is that organizations mi…

As headlines continue to reinforce, cyberattackers are increasingly putting utilities’ operational technology (OT) and Internet of Things (IoT) security to the test—some with the intent of disruption at a societal scale. A recently issued warning by U.S. and international cyber authorities cites efforts by pro-Russian hacktivists to exploit vulnerable OT systems at utilities across North America and Europe. The decentralized nature of U.S. utilities means a wide variety of cybersecurity maturity for individual targets. Authorities ask that utilities shore up protections to their internet-conn…

What a year it has been! We here at Utility Security magazine are proud of the year one success of this publication. After 20 years serving the utility industry with our safety publication, Incident Prevention magazine, and our fleet management publication, Utility Fleet Professional, we know from experience that a launch is no easy feat. Our first priority has always been to make sure we are serving you, the reader, with the content you need. And going into this challenge, I really had no idea just how complex and difficult it is to fully and adequately protect utilities. The threats and…

Ahead of Utility Security magazine attending the Utility Technology Association’s (UTA) annual conference earlier this year in October, we had a chance to speak with the organization’s president to learn more about the UTA, their annual event and what cybersecurity concerns are shaping their members’ discussions and efforts.   Can you tell our readers about the UTA and what the organization is doing to help propel security in the utility segment?  The UTA was originally formed back in 1981. At its core, it is a technology support group that focuses on new and innovative ideas to…

Utility and critical infrastructure protection will have a prominent role at ISC East in November. With its location in New York City and a regional reach from Boston to Washington, D.C., ISC East—the smaller brother of the nation’s largest security trade show, ISC West—this year will be putting extra emphasis on critical infrastructure and the technology that is utilized to protect it. Multiple conference sessions will examine the topic, with analyses of the threats that cyberattacks, drones, domestic violent extremists (DVEs) and additional factors pose to the nation’s power, water, gas…

Will your critical substation survive an attack? How would you know? We install security systems to protect our substations. Critical sites would likely include some kind of barrier, like a fence or a wall; a video surveillance system (VSS); an access control system, combining a locking mechanism with a card reader or PIN pad; lighting; a security monitoring center; and some kind of response force, such as a mobile patrol or police. How do you know that they will work? We commission systems after they are installed. We check that the fence was installed according to the contract. We…

The theft of copper from unmanned substations threatens public safety and the reliability of the supply of electricity. The best way to fight this is with a strategy that involves utilities, the community, vendors and other electricity sector asset owners/operators. A campaign of this scope needs executive attention and support. It is too important to leave to the security department. The strategy that we employ in security in our sector is a simple one that has three components: We harden our assets. We train our people. We shift from a reactive to a proactive approach. Hard…

The Greek historian and general Thucydides stated, “Hope is an expensive commodity. It makes better sense to be prepared.” This statement is as true today as it was 2,500 years ago. For utility security professionals, this maxim speaks to the nonchalant attitude toward substation and infrastructure security that many of us have or face from within our organization. But hope is not a defense. We face serious threats that require serious responses. Regardless of location, size or organizational makeup, the threats we face are growing in intensity and sophistication. Some of these evolving…

It is not “if” but “when” for a major and nefarious event happens involving Small Unmanned Aircraft (sUAS) like drones. There is a distinct lack of urgency across all levels of government about security, safety and emergency preparedness given the rise of drones and their rapidly maturing capabilities and demonstrated use cases. The question is: are we paying attention? Look at the increasing news reports about how these platforms are disrupting security and safety almost daily. In 2023 alone, there was an uptick in these events. Look no further than the New Hampshire incident during which a…

As the Assassination Attempt that happened on July 13th Demonstrated, a Failure of Clarity, Communication and/or Consistency Can Lead to Devastating Consequences. It’s Vital that Your Substation Security Strategy Offers Certainty in All Three Areas. Albert Einstein once said, “Any fool can know. The point is to understand.” I often refer to this quote in the training programs I conduct because I believe it holds true for utility security in general, especially when it comes to effective substation security. That’s why my previous articles have focused on the more abstract aspects of substa…

In a moment of serendipity, as I was planning out content for this issue, I took a moment to scroll through LinkedIn when I saw a post by Shawn Wallace that said he and Glenn Engel would be presenting an educational session at GSX. The session topic Wallace posted about has the title “Threats to Critical Infrastructure Sites: How to Evaluate Risk and Prioritize Spend to Close Vulnerabilities.” I immediately thought of how the topics in this session would also be great for this column, especially since this is our GSX-focused issue—and more so because these topics really hit at the heart of th…

The Cybersecurity & Infrastructure Security Agency (CISA) recently launched a Secure By Design initiative that provides guidance for software manufacturers to ship software solutions with security as a core consideration from the earliest stages of their development cycles. We talked with CISA’s Matthew Rogers about the process of building out the initiative and how it will impact utility security. Utility Security Magazine: Tell us more about what inspired this Secure by Design initiative. Matthew Rogers: So, it was in part inspired by a foreign affairs article titled ‘Stop Passi…