Data security threats have become a primary focus for utility asset owners, as the risks from cyber threats grow in frequency and sophistication. A recent report published on the U.S. Department of Energy website states that:
“There have been no reported targeted cyber attacks carried out against utilities in the U.S. that have resulted in permanent or long-term damage to power system operations thus far, yet electric utilities throughout the U.S. have seen a steady rise in cyber and physical security related events that continue to raise concern.”
Companies that own and manage the infrastructure critical to our country’s power and communications systems hold the significant responsibility for guarding against the threats to its security.
When technology becomes available that can make asset data management more efficient and effective, an important piece of the consideration should be the security measures that are in place to guard and protect this critical data.
Understandably, asset owners can be hesitant to enter all of their data into a shared, centralized asset database. While the benefits of this kind of system can significantly streamline and improve asset management, it can also raise security questions.
A Lot of Asset Data is Already Publicly Available
While data security is an important consideration, it is worth mentioning that much information about asset locations is already publicly accessible via applications like Google Maps. However, to help prevent an asset owner from becoming the source of any data leaks, data security measures should be applied to keep confidential data private. Asset owners must have the ability to decide what data to share-- and with whom-- and what data to keep private.
Look for Security Best Practices
Data security at an application level should provide adequate protection from the top OWASP (Open Web Application Security Project) vulnerabilities. Application code should be reviewed frequently to ensure that no vulnerabilities are introduced, and new attack measures should be analyzed for potential risks. Penetration testing should be used to identify and remedy vulnerabilities, while protections must be established against attacks or security failures including:
- SQL-injection attacks
- Broken authentication and session management that would compromise passwords, security tokens and session keys
- XSS attacks
- Data leakage between parties
- Cross-site request forgery
A comprehensive firewall should also provide:
- Real-time, multi-layered protection against sophisticated attacks including blended threats that originate from multiple sources, operate at multiple layers, and utilize multiple protocols
- ICSA-certified gateway antivirus and anti-spyware protection
- Intrusion preventions system to protect against worms, Trojans, software vulnerabilities, and other intrusions by scanning all network traffic for malicious or anomalous patterns
- GeoIP filtering to block international threats
- Protection against unknown threats, such as zero-day attacks and ransomware
Data Sharing Can Be Safe…with the Proper Security in Place
With comprehensive data security measures in place asset owners, attachers, and third-party contractors can be confident in sharing jointly-held asset data within a single central asset database. As previously mentioned, this type of joint use asset data is already housed in other enterprise systems that hold far more sensitive information. A shared, joint use asset management database will simply allow information that is already available easy access by key pre-determined stakeholders.
Learn More. Schedule a consultation with an Asset Management expert.