Can Good Enterprise Mobile Device Strategies Combat a Rise in Utility Threats?
The smart grid — the biggest upgrade to the nation’s electrical infrastructure in decades — promises to deliver electricity more reliably, intelligently, and efficiently. For customers, it means fewer power outages, faster restores, and a greater capacity to manage their energy costs and consumption. For utilities, it means an improved ability to meet escalating demand, lower operational and management costs, and use more renewable energy.
While some believe that more modern infrastructure would be better at fending off cyberattacks, the reality is more nuanced. According to McKinsey, there are three main drivers behind increased cybersecurity threats to the smart grid:
- The growing attention on the vulnerability of utilities by bad actors.
- The complexity and geographical breadth of utility infrastructure.
- The intertwined relationship between outmoded operational technology and cloud-based cyber-management platforms.
These realities can lead to more cyberthreats in the form of phishing, Denial-of-Service (DoS) attacks, malware that can spread into organizational servers and devices, and spoofing attacks (e.g., eavesdropping and traffic analysis).
While these are very real risks, they are not deal-breakers. Applying the same level of thought, preparation, and intelligence involved in developing smart grids to the mobile devices, applications, and networks that utilities rely on can make a big difference.
Today, mobile devices are everywhere in the utilities hemisphere. They are used by managers to communicate with field staff and share information and by field workers to perform inspections, utility control, and reporting. The introduction of the smart grid requires utilities to take smart enterprise mobility to the next level. This step will help utilities modernize how they operate and secure mission-critical data from bad actors — without interrupting processes, surpassing the budget, or creating new vulnerabilities
When considering how to best handle grid security issues with mobile technology, it’s important to think about security from several angles: secure hardware, software, and connectivity. All three are critical to protecting data, assets, and communication.
Optimizing Hardware and Software Security
The device hardware should be locked down tightly. To ensure this requirement is met, choose mobile devices with secure cores that use hardware-rooted security in the central processing unit (CPU). This way, every time the device is booted up, it happens in a trusted state to prevent malware from tampering with the system and attacking at the firmware level.
As the operating system launches, the system should monitor every step in the process to ensure that everything happens normally. If it detects something wrong, it should shut down the unit. At that point, virtualization-based security (VBS) should isolate any authentication functions from the rest of the operating system to protect logins from attack and ensure only legitimate users can gain access.
In addition to insisting on a secure core, consider these additional security solutions:
- Drive encryption. OPAL SSD is a solid-state drive that gives users the choice of using hardware-based encryption. BitLocker, a Windows-based option that protects data, also offers enhanced protection. Both help protect identities, prevent access to unverified code, and defend against firmware-level attacks.
- Hardware-based encryption. This method uses a chip on the drive to encrypt all data, decrypting it only upon positively identifying a user. It also measures the link to the unique identifier of a particular mobile device. These mechanisms provide protection on top of drive-based encryption through hardware keys that use robust encryption standards like AES and 3DES.
- Authentication. Multi-factor authentication, which requires users to provide an additional factor beyond a password like a facial pattern, smartcard, or fingerprint, can drastically improve security.
- Trusted Platform Module (TPM). In this solution, the module — usually integrated in the form of a chip — verifies that the platform has not been subject to any tampering. It provides a secure way to store passwords, certificates, and encryption keys. The TPM chip can also detect unauthorized configuration changes made by malware and block access to affected applications. Mobile TPM on MicroSD chip cards is an option for enterprise-grade or rugged handheld devices.
- Asset tracking. Asset tracking software can keep track of a mobile device’s location, status, and recent system hardware and software changes. If the device is lost or stolen or its hard drive gets wiped or replaced, the software can automatically install itself from the Basic Input/Output System (BIOS). The software may also have a kill switch that renders the device unusable and wipes sensitive data. One example is Absolute Persistence, which is loaded onto enterprise-grade devices like Panasonic TOUGHBOOKs at the factory.
- Software-based encryption. Software-based encryption essentially scrambles data so it cannot be interpreted by hackers. Since it tends to consume a significant amount of memory and CPU cycles, it is best to use on devices with powerful chipsets.
- Mobile Device Management (MDM) and Enterprise Mobile Management (EMM). These software solutions are becoming mandatory for all devices used for work purposes. They allow utilities management to implement consistent security policies across all devices, lockdown functionality remotely, monitor and limit access, track assets, and protect data via remote data wipes.
Mobile networks can be hacked, and when they are, it isn’t pretty. If hackers can replicate a network, they can send malware to mobile devices, steal data, and even convince users to connect to devices they control. To combat these threats, consider these steps:
- A mobile-specific VPN. A virtual private network (VPN) can encrypt data at rest and in transit, be configured to allow only certain apps to run, and restrict the sites users can access online. Look for a VPN designed for mobile services and cellular networks that can maintain consistent, highly secure wireless connections regardless of location.
- Access Point Name (APN) security. Unlike a VPN, which creates a secure connection to another network over the Internet, an APN is a gateway provided by a telecommunications carrier that enables users to connect to the Internet via the carrier network.
Combat Utility Threats With Panasonic TOUGHBOOK Solutions
Addressing grid security issues requires a comprehensive approach that spans hardware, software, and communications, along with mobile devices that can accommodate the required features. That’s where TOUGHBOOK comes in. The Panasonic TOUGHBOOK® 55 is one of the world’s first secured-core PCs developed with Microsoft, making it ideal for handling mission-critical data. It also ships with a built-in infrared camera, allowing users to authenticate themselves via facial recognition — even in low light conditions.
To further combat security risks, Panasonic partners with Absolute to offer self-healing endpoint security. We embed Absolute® Persistence™ technology in the firmware of TOUGHBOOK devices, allowing organizations to maintain an unbreakable connection to all associated TOUGHBOOK devices—on or off their network. This solution provides uncompromised visibility and near real-time remediation capabilities to protect devices, data, and applications.
Pairing smart enterprise mobility with smart grid technology is the perfect solution. Together, they will help utilities provide customers with secure, reliable, efficient, and cost-effective power for years to come. For more information about mobile security solutions and how they can benefit your organization, please download our free Mobile Security playbook.