Behind the News: Texas Power Grid & Energy Sector Facing Elevated Russian Cyber Threats

As the war in Ukraine enters its second month, the fear of a Russian cyber attack on US critical infrastructure is quickly mounting. And the one state that embodies these fears is Texas, where local utility companies and key oil and gas transportation hubs were placed on high alert as Russian hackers have been probing the state’s energy infrastructure’s digital networks for weak points. (It’s worth mentioning that in 2021, an attack attributed to Russian hackers on the Colonial Pipeline Company caused it to shut down its pipeline, which originates in Houston, Texas.)

What makes Texas such a prime target for cyber-attackers?

There are a few concrete reasons why the power and energy sectors in Texas, more than in any other American state, are considered prime targets for Russian cyber-operatives:

• The state suffered a major power crisis in February 2021, as a result of three severe winter storms. These outages caused shortages of water, food and heat, left over 4.5 million homes and businesses without power, and killed scores of people. Beyond the financial losses, the state’s power sector had to deal with intense scrutiny over its preparedness and a blow to its reputation and credibility.
• The Texas power grid is unique in that it is not connected to either of the US’s two major national power grids, which made it difficult for the state to import electricity from other states during the crisis (Texas opted out of the national grid to avoid federal oversight).
• The Texas power grid has since the 1990s eliminated most regulations on power suppliers and transporters. While this cut operating costs, it also led to relatively low investment in OT security measures.
• The Texas power grid is highly diversified. Many of Texas’s power systems are in the form of DER (distributed energy resources) grids, which rely on a mix of carbohydrate and renewable (solar and wind) sources. (Texas governor Greg Abbott initially blamed the outages on frozen wind turbines and solar panels; however, the failure to winterize natural gas plants has been found to cause the grid failure.)
• Texas houses some of the world’s largest oil and gas facilities, from ports to refineries (both oil and liquefied natural gas) to transport depots. A debilitating attack on the state’s energy sector could cause shortages throughout the Americas, especially as oil and gas are at short supply due to the sanctions imposed on Russia.

Protecting critical power and O&G operations requires a multi-prong approach

• Threat detection & OT visibility: The conventional wisdom in the cyber-security industry is “You can’t protect what you can’t see”. And as OT networks become more and more complex and interdependent – and especially in slow-changing industries like power and energy supply – operators find it difficult to maintain awareness of all the networked devices, communication protocols, ports, etc. that make up the industrial operation. To this end, Intrusion Detection Systems (IDS) such as Radiflow’s iSID industrial threat detection & management platform can help operators better see their networks. iSID provides users a detailed “map” of all networked devices, down-drillable to all properties, vulnerabilities, protocols used, etc. Using this self-learned network model, iSID is able to detect anomalous communications that may indicate breach attempts, and apply highly-detailed and highly-customizable rules for blocking communications based on multiple criteria. iSID continuously updates its threat intelligence-based vulnerability and threat information databases, to ensure its ability to intercept upcoming and “beyond-the-horizon” threats.
• Specific considerations in protecting DERs (Distributed Energy Resources): DER grids dramatically increase the attack surface of power grid operators. Many DER IIoT devices lack the level of communication security offered by traditional utility systems; and small renewable power producers in DERs offer their output only periodically. The constant, real-time supply and transmission changes require a higher degree of ICS automation, which in itself introduces cybersecurity risks. In fact, Radiflow has worked with NISTon multiple projects developing tools and best practice methodologies in OT cyber-security and risk management, including Securing Distributed Energy Resources, which resulted in a comprehensive set of guidelines for protecting DERs (NIST Special Publication 1800-32).
• In-house or MSSP SOC: The need to set up a full-fledged SOC (security operations center) has caused industrial organizations in all sectors and industries to compete over a limited pool of OT security experts, making it hard to set up an effective in-house OT security unit. For this reason, many OT companies, especially small-to-medium industrial companies, opted to outsource their OT security to MSSPs, which provide 24/7 network monitoring and ongoing risk management, saving the need for the large initial outlay needed to set up a corporate SOC. (Radiflow’s solutions are all MSSP-ready, with instant access to all iSID servers and integrations with many asset management and data monitoring platforms.)
• Optimizing your OT cyber-security through risk assessment & management: You can’t protect your network against each and every threat on each operational unit, and you shouldn’t, since most threats aren’t relevant to your sector or region, and others may have no or little impact on operations. OT security planning and budgeting should be based on minimizing the impact of an attack (safety, financial, loss of reputation, etc.), not on preventing attacks per se. This is where Risk Management comes in.
• Management of Network Risk: Radiflow’s CIARA industrial risk assessment & management platform uniquely simulates numerous breach and attack scenarios, using a detailed digital image of the network and multiple threat intelligence sources, to provide key risk indicators as decision making tools, as well as a prioritized list of the most impactful threats and their corresponding mitigation measures, for optimizing the effectiveness of the OT security operation (better OT security per dollar spent), thus increasing its ROI.

Conclusion

Power and Energy companies – in Texas and around the world – have a very good reason to fear a debilitating cyberattack at this time. The good news is that effective protections are readily available, and are able to minimize the risk of shutdowns and outages. We invite you to contact us to learn how Radiflow can help you protect your industrial operations and optimize your OT security expenditure.