Cyberattacks on electrical energy utilities are on the rise. From 2020 to 2022, weekly assaults greater than doubled. An assault that exploits a vulnerability in clever digital gadgets (IEDs) like energy distribution models, relay, and circuit breakers can flip off the lights in a neighborhood or total metropolis. On the floor, it appears easy sufficient to remediate vulnerabilities as quickly as they’re reported—for instance, by upgrading firmware. Truth is, detecting and remediating vulnerabilities in operational expertise (OT) poses a supersized problem for utilities.

Take CPFL Energia, a Brazilian utility with 10.3 million clients. CPFL wished to spice up the safety posture at its 600+ distribution substations, the place high-voltage electrical energy is remodeled to decrease voltage for distribution to properties and companies. The roadblock? You may’t safe what you possibly can’t see, and CPFL’s operations staff was at nighttime about precisely what IEDs have been deployed in substations. Simply setting foot in a substation in Brazil requires a prolonged approval course of, so some substations hadn’t been visited for months. OT visibility turned pressing In 2021, when nationwide grid operator ONS required utilities to conduct a cybersecurity vulnerability evaluation.

Operations and IT groups be part of forces

The utility’s operations staff knew it didn’t have cybersecurity know-how to evaluate and mitigate threat. The IT staff had the cybersecurity know-how however didn’t perceive the finer factors of substation operations, like which industrial protocols may very well be blocked to shrink the assault floor. So, operations and IT determined to staff up, pooling their strengths. The IT staff noticed the OT safety venture as a chance to satisfy one other longstanding objective—upgrading the growing old switches at substations to make the most of advances like energy over ethernet (PoE) and administration automation.

OT visibility and switching in a single field, with Cisco industrial switches

CPFL achieved each objectives—vulnerability evaluation and community modernization—with one resolution, Cisco industrial switches. Included on the switches is Cisco Cyber Imaginative and prescient, a software program which robotically identifies all industrial and IT property linked to the community, together with detailed traits and communication actions. The 2-in-one resolution is far less complicated and more cost effective than CPFL’s different options: shopping for separate visibility equipment for every substation or else replicating community visitors to a management heart with a centralized visibility equipment. Cisco’s industrial switches meet utilities’ stringent necessities, together with the power to resist harsh environments, IEC 61850 certification to function in high-voltage environments, and assist for industrial protocols like DNP3 and Modbus TCP/IP.

Rapid payoff: 20 malware infections found

Right now each transmission and distribution substation has been upgraded to Cisco Catalyst IE3400 Rugged Sequence switches with built-in Cyber Imaginative and prescient. With a look on the Cyber Imaginative and prescient console, CPFL’s operations staff can view an in depth stock of all linked IEDs and workstations, together with their software program vulnerabilities.

“Immediately Cyber Imaginative and prescient recognized greater than 20 circumstances of malware within the OT community, in addition to many unneeded communication actions and protocols we might shut down to cut back the assault floor,” stated Emerson Cardoso, CPFL’s chief data safety officer. “We now have visibility into our important grid community, step one towards mitigating vulnerabilities and enhancing our safety posture.”

Actual-time alerts: those that rely

CPFL’s safety analysts now obtain real-time alerts about important occasions as a result of CPFL built-in Cyber Imaginative and prescient with its safety data and occasion administration (SIEM) system. To keep away from alert fatigue and ensure important occasions are addressed shortly, the IT and OT groups labored collectively to outline 20 sorts of safety occasions that generate alerts. “Cyber Imaginative and prescient helped us overcome the problem of integrating OT into our safety operations heart (SOC),” explains Cardoso. “Our safety analysts now have visibility throughout each IT and OT to behave on the alerts, handle dangers, and implement safety insurance policies all through our networks.”

Whereas deploying the brand new Cisco industrial switches, CPFL additionally deployed Cisco Safe Firewalls to filter industrial community visitors between substations and management facilities. This gave IT the power to comprise malicious actions and keep away from threats to unfold to your entire infrastructure within the case a breach happens.

Award-winning venture benefiting operations, IT, and clients

With its new Cisco industrial switches, Cyber Imaginative and prescient, and Cisco firewalls, CPFL solved a number of challenges that utilities have struggled with for years. Operations groups gained visibility into grid property and complied with a brand new regulation for vulnerability evaluation and threat administration. IT modernized substation networks and may monitor and comprise threats to transmission and distribution operations.

The Brazilian cybersecurity neighborhood has taken word, recognizing CPFL and Emerson Cardoso as Nationwide Safety Leaders of 2023. The award calls out CPFL’s complete method to cybersecurity and efficient collaboration between OT and IT. In Cardoso’s phrases, “Having strong cybersecurity protections not solely helps mitigate dangers and defend our staff, it additionally ensures we are able to higher serve our clients.”

Learn the complete case research right here.

Be taught extra

Share: