The Reality of Cyber Threats and Responses Taken
EnergyLines October 2017
October is National Cyber Security Awareness month
It is difficult to predict when cyber crimes might take place. Equifax can attest to that. The data and security breach at the credit bureau exposed the personal information of up to 143 million Americans. In late September federal authorities have opened a criminal investigation into the breach and the CEO has stepped down. This breach shows why it is important to properly secure Internet connected devices at work and home. October is National Cyber Security Awareness Month and EnergyLines sat down with IT Infrastructure and Security Coordinator, Richie Field to talk about what Hoosier Energy is doing to identify cyber security risks.
What is the current business impact of Internet-based risks to Hoosier Energy? “The most likely form that someone would use to get into a Hoosier Energy system is through a phishing email that includes an attachment or link. We have multiple systems in place that scan email for these types of attacks before it hits an employee’s inbox.
If a phishing email uses a link to gain access to our system, if clicked, it will redirect to a third-party cybersecurity company. This company will then examine the link and determine if it is legitimate.
Another common way hackers attack Hoosier Energy systems is through social engineering. For example, an employee might receive a call from a hacker posing as someone from the Information Systems Department. From there, hackers direct employees to a website where they will be able to gain access or take control of that computer. To stay safe, we recommend that users don’t give logins or passwords over the phone.”
How many and what types of cyber incidents do we detect in a normal week? “On our corporate network we see a lot of low-level threats such as computer virus attempts. Overall, the majority of the inbound email attempts are blocked by our systems in place.
We are able to view threats and where they might come from. This includes multiple countries around the world. During a recent week Hoosier Energy was able to block 9,000 threats from China and 8,000 from Russia. These were attempts to break through our firewalls – software and hardware that screens out attempts to access company systems.”
How does our cybersecurity program apply industry standards and best practices? “Hoosier Energy’s latest NERC cyber security audit is the strongest example of applying industry standards. The audit went very well. The main area of focus during the audit relates to system threats. We have multiple systems that analyze intrusion and detection of incoming threats to help protect our server-based assets.”
How comprehensive is our cyber incident response plan? “We implement a range of tools in place to help us detect threats. In addition to that, we have solid back-up systems. For example, if something on our system was compromised such as a server, we could roll back to an un-compromised state and then take the compromised server to the Electricity Information Sharing and Analysis Center (E-ISAC) which is operated by NERC and DOE. They will analyze the data for us. Based on their report we will know what area of the system we need to strengthen and take the appropriate action.”