Information Item: Cyber Security - AUGUST 4TH, 2021 William Lu - Independent Electricity System Operator

Purpose
The IESO will provide SAC with an update on industry best practices, the current cybersecurity landscape, and IESO’s role, including its work related to Project Lighthouse.

IESO's Role in Cyber Security
• Situational Awareness: Near real-time cyber security insights on significant electricity sector incidents and events, e.g. Lighthouse, sector notification, intelligence community
• Information Exchange: Centralized hub facilitating rapid & long term electricity sector information exchange, e.g. reports, alerts, IESO tradecraft
• Reliability: Reduce the likelihood of a successful cyber attack against the electrical grid through coordination and collaboration with sector and government entities
• Best Practices: Creation and sharing of electricity sector cyber security best practices and recommendations, e.g. playbooks, firewall reviews

Lighthouse Current Products & Services
• Near Real-Time Situation Awareness
• Community Portal for Members
• Alerts, Flash Report, Threat Hunting Package
• Playbooks on Cyber Security Best Practices
• Bespoke cyber security report for member organization

Lighthouse Program
• Cost: Free
• Time: Average setup ~1 hour
• How: Simple routing setup using participant’s existing technology; no Lighthouse-specific hardware or software required

Lighthouse Program
• Situational awareness and information sharing covering Ontario distribution, transmission, and generation
• Ontario Penetration:
    • 95% of Service Delivery Points
    • 63% of all licensed Distribution and Transmission entities

Electricity Sector - Cyber Threat Landscape Update
• Ransomware remains most likely threat to impact the Canadian electricity sector
• Ransomware stats, first half of 2021 [1]
    • 77% involve double extortion technique
    • Average payment $215k CAD
    • Average total cost $2.3M CAD
• Recovery after payment:
    • Average of 65% total data recovery
    • Only 8% had full data recovery
[1] According to a report by Sophos, “The State of Ransomware 2021”

Colonial Pipeline Inc., May 6 – 12, 2021
• Largest U.S. fuel distribution company disclosed a ransomware attack impacting I.T. systems, including billing
• Attack started May 6, ransom paid May 7, publicly reported May 8, fuel operations restored May 12
• Operational Technology (OT) not directly impacted
• $4.4 million ransom payment. Inefficient decryption tool from attacker forced a manual recovery
• Colonial Pipeline provides over 3 million barrels of fuel per day, resulting in $180M/day of unbillable product

Kaseya VSA and MSP, July 2, 2021
• Zero-day vulnerability in Kaseya VSA, an IT remote monitoring and management solution
• Adversary exploited ~40 Managed Service Providers (MSP) using the zero-day vulnerability
• Deployed REvil/Sodinokibi ransomware into 1000s of MSP customers
• $50,000 - $5,000,000 USD customer ransom demand based on size of company
• $70,000,000 USD to decrypt all those impacted by the Kaseya zero-day vulnerability attacks

Cyber Incident Response – Focus for the Sector
1. You cannot protect what you do not know
    • Develop a clear understanding of critical vendors, operations technology and information technology crown jewel assets
2. Backup & restore is your last line of defense
    • Ensure robust backup and recovery measures are in place and tested
3. Cyber adversaries are mastermind planners; we must be as well
    • Develop and update cyber incident response plans and playbooks
4. Continuously test procedures, playbooks and call chains
    • Procedures and playbooks must become muscle memory for them to be effective

Thank You
• ieso.ca
• 1.888.448.7777
• customer.relations@ieso.ca
• engagement@ieso.ca
• @IESO_Tweets
• facebook.com/OntarioIESO
• linkedin.com/company/IESO