7199419673?profile=RESIZE_400xRed Sky Alliance analysts have read that the New York Power Authority (NYPA) and Siemens Energy announced a new collaboration to create a Center of Excellence regarding industrial cybersecurity monitoring, research and innovation center, that will concentrate on detecting and guard against cyberattacks on NYPA’s infrastructure.  NYPA’s Board of Trustees approved the creation of the cybersecurity center this past week.[1]  Public and private solutions are a critical component to sound cyber health for the future.  Red Sky Alliance works close with both public and private entities to help keep the bad actors away.

NYPA is the largest US state public power organization, with more than 80 percent of the electricity produced being clean, renewable hydropower.  Utilizing the power of water flow has been a source of renewable energy for many years.  Back when the first hydroelectric dams were built, the operations were basically a system of manual values.  Then entered computer activated and controlled systems, which then opened up many vulnerabilities.[2]  The NYPA operates 16 generating facilities and more than 1,400 circuit-miles of transmission lines.  This creates a concern for solid cybersecurity to keep its infrastructure running smoothly.

Working jointly, the NYPA’s Advanced Grid Laboratory for Energy (AGILe) and Siemens Energy, Inc. will attempt to identify security gaps in market ready solutions and establish test bed and demonstration pilots using Siemens Energy, Inc. technologies and processes.  This partnership is a great example of bringing together a coalition of the public sector and private industry to identify new and current cyber threats, adopt new technologies to protect digital infrastructure and close the energy industry’s talent-gap.

A recent joint study conducted by the Ponemon Institute and Siemens Energy, Inc., surveyed global energy executives on a wide range of threats, vulnerabilities, and strategies required to protect oil and gas assets and discovered the threat of cyberattacks targeting critical infrastructure is worsening.  The study found that 67 percent of respondents believe the risk level to industrial control systems has substantially increased due to cyber threats.  Meanwhile, 61 percent of respondents said their organization’s industrial control systems protection and security was not adequate.

Currently, operational technology (OT) assets in the field are particularly vulnerable to cyberattacks, as the majority of critical infrastructure was engineered before the widespread digitization of industrial control systems.  The Center aims to take digitization into account while researching and developing new systems.  “As we digitize every aspect of our generation and transmission operations, we need to be sure that our cybersecurity program is ironclad,” said Gil C. Quiniones, NYPA President and CEO. “This venture with Siemens enables both parties to bring their best thinking and experience to the table as we together test and develop state-of-the-art cybersecurity solutions that meet our requirements and protect our assets now and well into the future.”

Kenneth Carnes, Vice President and Chief Information Security Officer at NYPA, said, “Investing now in developing next-generation tools and techniques will reduce risks to enterprise-wide critical infrastructure and protect ratepayers and citizens against costly security breaches in the future.”

“Utilities and energy companies often lack the technical means and expertise needed to detect and mitigate cyberthreats in an increasingly digitized and interconnected operating environment,” said Leo Simonovich, Head of Industrial Cybersecurity at Siemens Energy, Inc. “To stay ahead of attackers and fully realize a new energy ecosystem based on digital technologies, we must deploy stronger cybersecurity solutions that are capable of defending critical infrastructure against increasingly sophisticated attacks.”

Based on our previous research, Red Sky Alliance has observed valuable information being share in the deep and dark web concerning companies that have both OT and IT systems.  Knowing this information can help with any legacy IT systems a company be be employing.  The information can then be used to blacklist underground indicators of compromise, or IOCs.    

Red Sky Alliance is   a   Cyber   Threat   Analysis   and   Intelligence Service organization.  For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com.

Interested in a RedXray demonstration or subscription to see what we can do for you?  Sign up here: https://www.wapacklabs.com/redxray     

[1] https://www.power-eng.com/2020/07/30/cybersecurity-center-of-excellence-to-develop-cybersecurity-best-practices-for-utilities/#gref

[2] https://www.usgs.gov/special-topic/water-science-school/science/hydroelectric-power-how-it-works?qt-science_center_objects=0#qt-science_center_objects