Cybersecurity

Cyber resilience is critical for business operations and customer trust

Our world is digitized, networked, and connected. With energy transition and digitization new (remote) technologies, connections and opportunities come. With these technologies, the risk for a cyber-attack increases significantly. And this is not (only) a matter for the Information Technologies (IT) department anymore, our hyper-connected world now allows for sophisticated attacks to be launched on your Electrical Infrastructure affecting its safety and reliability.

Business owners, facilities managers and electrical consultants often are unaware of the cybersecurity risks affecting electrical infrastructures, like electrical distribution systems, building energy management systems, fire detection systems, HVAC systems, and emergency lighting systems. Resilience against cyberattacks in these so called electrical Operational Technologies (OT) is critical.

Take the appropriate security measures to protect people, assets and business continuity

As organizations expand their digital footprint, it becomes imperative to protect the security, safety & reliability, availability and integrity of their systems. Cybersecurity threats must be taken seriously and met proactively with a system-wide defensive approach aligned to the organizational needs. It is of utmost importance to understand that every component that you introduce into your infrastructure could be an entry point for an attacker into your Electrical Infrastructure making you vulnerable to a cyber attack. With the appropriate security measures, and the right supply chain strategy you can ensure the resilience of your Infrastructure.

Discover how Eaton can help you secure your business continuity.

We're dedicated to establishing cyber-secure processes and innovating technologies that make trusted connections work.

Learn more

Why would cyber criminals attack your facility?

There are several objectives a hacker can have for attacking your business. There are hackers who spy into your business and could potentially have access to, or steal, sensitive data. Data - whether this is personal data or business data - is valuable and hackers can gain money by selling data to third parties. In most cases OT systems allow an easy entry point to the attackers from your OT infrastructure, they are able to hack into theIT infrastructure as a next step. There are examples of attackers that stole credentials and gained remote access to companies network that enabled them to install malware in the IT systems and siphon data. But it is not only data that gain a cyber criminals interest. When it comes to Operation Technology a breach in the cybersecurity chain gives hackers the possibility to create fear and chaos by taking over control of your OT systems. Such a breach results in the compromise of safety and reliability of your Infrastructure.

5 primary objectives for Operation Technology cyber attacks:

Primary attack

(e.g. disconnect power)

Supporting attack

(e.g. UPS disconnect)

Establish remote access/exfiltration point

Loss of View/Control

Manipulation of View/Control

How can cyber criminals enter your system?

There are multiple entry points - together called the attack surface - for cybercriminals to gain access to your business and where they can interact with the system (input, output, manipulate control, elevate privilege, etc.). From an IT perspective, it is well known that hackers try to breach via email and the internet for example. But with the Internet of Things, connectivity is added to your electrical power system, your HVAC system, your machines, your fire detection system, your emergency lighting escape routing and so on. All of these electrical systems are potential targets for cybercriminals. Imagine the fear and chaos the loss of control and disconnection of systems and/or disruption of your processes would mean for your company, employees, and clients.

Common Operational Technology cybersecurity gaps and weaknesses

Lack of accurate hardware, software, and network inventories

Lack of vulnerability management

Lack of transient asset controls (e.g. USB, laptops, etc.)

Weak system access controls/default credentials/stale passwords

Lack of visibility of “non-IT” assets

Missing or out of date backups

Lack of disaster recovery & incident response programs

Inadequate boundary defenses, segmentation, and remote access

Woman sitting at a bank of computer monitors in a control room - category hero

Strengthen your systems lifecycle security

An effective cybersecurity strategy for facility operational technology requires a comprehensive strategy that covers People, Process and Technology.

People

People are the weakest link in the chain when it comes to Security. Skilled attackers abuse the element of trust and make way into the systems via Social Engineering. Be aware of social engineers - hackers that enter your business through human interactions (e.g. with your employees) . Defending you organisation by training your people, vendors and internal stakeholders becomes the first line of defense. Ensure that you select trustworthy suppliers who understand the importance of Cybersecurity and have a robust Cybersecurity program.

Process

Ensure your processes consider Cybersecurity health of all the components in your Infrastructure and have defined roles, responsibilities. Ensure you have a robust Vulnerability management plan, Incident response plan and a dependable disaster recovery plan.

Technology

Select products, systems and solutions that are designed with cybersecurity in mind and meet industry standards through its full lifecycle and are regurlarlyassessed for potential vulnerabilities and are patched the discovered Security loopholes on a regular basis. Its also imperative that your facility OT network and assets are periodically assessed for Cybersecurity.