Industries Served

Energy & Utilities

With high-value and critical assets ranging from the power grid itself , to energy generation facilities and end-customer sensitive billing data, the energy and utility industries face special cyber security issues. Consider the vulnerabilities of the current and near-term national security environment where unauthorized access to the grid and core infrastructure could have disastrous outcomes, negatively impacting the ability for countries to respond to external threats. Combined with the volatility of the global energy market, and the increase in awareness of the role these organizations play in our national stability and growth, utilities are also facing stricter, more comprehensive security, reliability and audit requirements around their Critical Energy Infrastructure (CEI).

Recent events demonstrate the vulnerability of SCADA and Industrial Control Systems (ICS) commonly found within energy utilities which have been subject to attack due to the weak and default passwords often set on these systems. In light of this, cyber security controls for the SCADA/ICS environment and the general organizational IT environment are critical risk management measures. Energy utilities must not only be concerned with who has access to sensitive systems and information, but also what activity people are doing with the CEI, especially when third party contractors need to access the network.

U.S.-based security guidelines set forth by various regulatory groups like the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) have paved the way for new standards being adopted by global entities. Other verticals such as the Oil and Gas and the Chemicals industry also introduced standards or guidelines on the proper security practices that are required in order to secure critical infrastructures. While the standards are a good step in the right direction, some utilities complain about ambiguity associated with how the standards are defined and enforced. As a result, energy companies have worked to develop their own internal security policies and controls to meet audit requirements and protect against attacks.

The worldwide deployment of new technologies such as the Smart Grid is a transformation in the way that energy utilities provided energy until today. This new technology brings a lot of benefits but also many new threats that must be addressed in order to ensure that the energy delivery system is safe and secure. The smart grid is transforming the electric grid to a much more intelligent grid with two way communications to the smart meter, which strengthens the need for new security solutions for this environment.

Let Cyber-Ark empower your energy or utilities organization, secure your CEI, and provide a complete audit trail for your security and compliance programs.

Compliance drivers:

• Federal Energy Regulatory Commission (FERC)
• North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC-CIP)
• Payment Card Industry - Data Security Standard (PCI-DSS)

Key challenges:

• Shared Administrative Accounts Accessing Critical Infrastructure
• Application Identities
• Monitoring & Recording Privileged Activity
• Application Encryption Keys
• Managing File Transfers
• Sharing Sensitive Information
• Isolating Sensitive Assets From Cyber Attacks
• Complying With NERC-CIP Regulation
• Managing File Transfers
• Sharing Sensitive Information

Sample customers:

• Direct Energy
• Enbridge
• Suncor
• Denver Water

Paul Tucker
IT Security Manager
Williams Company

Related Media:

• Utility Products article

Resources:

• Cyber-Ark for Critical Infrastructure Protection
• Cyber-Ark for NERC Secured Remote Access
• Complying with NERC CIP Standards