Gartner Blog Network

Protecting the Power Grid from Dragonfly with Basic Cybersecurity Practices

by Chet Geschickter  |  July 1, 2014

I am not an expert in cyber security; however, I do work with some, such as Earl Perkins from our Risk and Security analyst team. As a member of the utilities team, I find some aspects of the Dragonfly security threat that Symantec posted on its Security Response blog yesterday alarming. The Symantec post goes into a good deal of detail on Dragonfly that I won’t repeat here. On to the power grid.

The attack surface of the US power grid is actually quite large and the interdependencies between physical grid and control systems are complex. Translation: there are lots of ways to “take down the grid.”

A common belief within the power industry is that large groups of cyber espionage teams are working diligently on ways to attack our power grid. We are highly dependent on electricity for national defense, financial markets, public safety, health care, and transportation (especially air transit), among other things. Backup systems are in place in many of these areas; however, wide-area outages would quickly expose weak links, and if they were of extended duration, they would drain backup systems, even including distributed generation based on fossil fuels if commodity supply chains were disrupted. Chaos would result, and we could be “held hostage,” and/or our vulnerability to physical attacks, and the scope of their impact, would be vastly expanded.

A plausible first step would be to place agent software – such as Dragonfly – into critical operations systems to gather data on operations to plan an attack, and to create hooks into operations systems that could later be used in an orchestrated attack.

Implanting Trojanized agent software into downloadable industrial control system (ICS) software ups the ante. This is an effective way to distribute malicious software widely for use in a subsequent coordinated strike.

But as Earl Perkins notes, we admire the problem of cybersecurity threats too much and devote far less attention to how to solve it. In a recent blog post, Earl outlines four straightforward actions to take:
When are we going to stop admiring the cybersecurity problems facing smart grids and other operational technologies?

Interestingly, although much is made of the potential of IT-OT convergence to heighten cyber security risks, Earl cites potential wins from tapping into OT network professional expertise to improve IT network security.

Yes, there are some disturbing threats out there and they are only going to worsen. This makes proactive cyber security measures all the more pressing.


Chet Geschickter
Research Director
2 years at Gartner
22 years IT Industry

Chet Geschickter specializes in the customer life cycle process and renewable energy within the Energy and Utilities industry research team.


Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.