The utilities industry is rapidly modernizing its infrastructure, adding more digitized equipment and connectivity across devices, plants, and systems. This evolution to ‘smart infrastructure’ represents a positive, paradigm shift for the industry. Unfortunately, the security policies of many utilities have not evolved along with it, leaving them incredibly vulnerable.
In its new whitepaper, The Six Biggest Cybersecurity Risks Facing the Utilities Industry, ABI Research, a market-foresight advisory firm providing strategic guidance on the most compelling transformative technologies, identifies the six most prevalent security weaknesses in the Utilities Industry and offers best practices to utility companies looking to steer clear of cybercriminals and threats.
Utilities are investing heavily to modernize infrastructure. In fact, ABI Research projects that the industry will spend $14bn a year between 2018 and 2023, a total of $84bn over that time period. While investments in digital infrastructure will remain very high over the next several years, investments in securing that infrastructure will lag behind.
Unfortunately, there is a growing gap between threats and spending, only 55% of the total security spend in the next five years will be spent on securing smart infrastructure.
By 2023, connected utility infrastructure will have essentially doubled in size, exposing utility companies to a myriad of cybersecurity risks.
The six most critical, and pressing, risks are:
- Boundary Protection (undetected unauthorized activity in critical systems).
- Physical Access Control (unauthorized physical access to maliciously).
- Allocation of Resources.
- Least Functionality (increased vectors for malicious party access).
- Identification and Authentication (lack of accountability and traceability).
- Account Management (compromised unsecured password communications).
As these threats continue to mount, it’s imperative for companies within the utility space to deploy secure IT/OT solutions. In the whitepaper, considerations and recommendations for shoring up IoT architecture and integrated security capabilities are offered as well.
The report can be downloaded here.