Amping Up Cyber Defenses for Critical Energy Systems
June 2019
Topics: Cybersecurity, Critical Infrastructure Protection, Cyber Threat Intelligence, Energy Management, Resiliency
When you think about threats to our power grid, you may think of peak energy demand in cities causing brownouts or natural disasters disabling the power supply.
But what about cybersecurity threats to the basic infrastructure? The nuts and bolts of the energy grid are vulnerable, too. That's something MITRE's Otis Alexander thinks about all the time.
And that's why he's become a driving force in identifying critical cybersecurity needs in the energy sector. His work fortifying the cybersecurity of the industrial control systems (ICS) that run the world's most critical infrastructures is fundamental to ensuring a resilient energy system.
Since joining MITRE in 2014, Alexander has become a sought-after expert in ICS and operational technology security. And through his work and research, he's helping to bring cybersecurity resilience to our nation's energy infrastructure.
The ICS Threat Model Helps Recognize Risks
"The problem is that the ICS—like those used in electric power substations—currently lack the capability for active defense of their systems from cyber adversaries," Alexander says. "To build those defenses, it's critical we understand potential and past cyber adversary behavior."
Plus, you need to do more than recognize a cyber attack when it happens. It's also about maintaining critical functions—cyber resiliency—after your systems have been infiltrated. That's a key reason why his research builds on MITRE's core cybersecurity expertise to address risks in the energy arena.
"I'm passionate about advancing cybersecurity in the energy sector, so I championed the development of an ICS threat model," he says.
The ICS threat model builds on ATT&CK™—a MITRE-developed, globally accessible knowledge base of cyber adversary tactics and techniques based on real-world observations.
Industry-Wide Collaboration Leads to Protection
Part of his mission involves disseminating information on cyber adversary behavior in the energy sector. It's having a ripple effect.
"We've shared that ICS threat model with the energy industry," Alexander says. "It's helping drive security monitoring and analytics in the ICS domain. That's leading to better detection of cyber attacks and better response to those attacks."
In his research, he's partnered with the Electric Power Research Institute, the Gas Technology Institute, the Pacific Northwest National Laboratory, and other utility partners on projects. "We're demonstrating the impacts of cyber-induced failures on critical ICS infrastructure," he says.
Alexander knows that cybersecurity and resilience to cyber attacks in the energy domain rank among the nation's most important security challenges.
"Cyber attacks on power stations, oil refineries, and other elements of the world's energy infrastructure have the potential to cripple the affected community. The effects of an attack on utility distribution systems could be like those of a natural disaster, such as a hurricane," he says.
A Challenge that Demands Collaboration
Much of the energy infrastructure is privately owned, which adds to the problem's complexity. That's why MITRE—the operator of several federally funded research and development centers—has such an impact on fortifying ICS. We have both the objectivity and expertise to help develop and implement critical infrastructure cybersecurity and resilience across the government enterprise.
Alexander explains, "First, we need to work with the energy sector to better understand their systems and vulnerabilities. Second, we need to understand cyber attackers' methods for compromising these systems—as well as the methods and tools for combatting those attacks and being resilient to them. Protecting these vital infrastructure systems definitely makes the world a safer place."
While we're starting with the energy sector of ICS, there are also tremendous opportunities with other critical infrastructures like water and transportation. It was this potential for having such a widespread impact that led Alexander to MITRE five years ago. It's also why he stays.
"I'm proud to have helped build an awareness of ICS security threats and mitigations. I know that using the ICS threat model to develop cyber resilience will help us keep our critical energy systems up and running."
—by Marlis McCollum and Kay M. Upham