{"id":33985,"date":"2020-03-23T16:00:19","date_gmt":"2020-03-23T16:00:19","guid":{"rendered":"https:\/\/www.microsoft.com\/security\/blog\/?p=90771"},"modified":"2020-03-23T16:00:19","modified_gmt":"2020-03-23T16:00:19","slug":"defending-the-power-grid-against-supply-chain-attacks-part-2-securing-hardware-and-software","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/defending-the-power-grid-against-supply-chain-attacks-part-2-securing-hardware-and-software\/","title":{"rendered":"Defending the power grid against supply chain attacks\u2014Part 2: Securing hardware and software"},"content":{"rendered":"

Artificial intelligence (AI) and connected devices have fueled digital transformation in the utilities industry. These technological advances promise to reduce costs and increase the efficiency of energy generation, transmission, and distribution. They\u2019ve also created new vulnerabilities. Cybercriminals, nation state actors, and hackers have demonstrated that they are capable of attacking a nation\u2019s power grid through internet-connected devices. As utilities and their suppliers race to modernize our infrastructure, it\u2019s critical that cybersecurity measures are prioritized.<\/p>\n

In the first blog in the \u201cDefending the power grid against cyberattacks<\/a>\u201d series, I walked through how the accelerated adoption of the Internet of Things (IoT) puts utilities and citizens at risk of attack from nation state actors. In this post, I\u2019ll provide guidance for how utilities manufacturers can better protect the connected devices that are deployed in the energy industry.<\/p>\n

Protect identities<\/h3>\n

If your organization supplies the energy industry, you may be targeted by adversaries who want to disrupt the power supply. One way they will try to access your company resources is by stealing or guessing user credentials with tactics like password spray or phishing. According to Verizon\u2019s 2019 Data Breach Investigations Report, 80 percent of breaches are the result of weak or compromised passwords. Attackers target multiple people at a time, but they only need to succeed once to gain access.<\/p>\n

Securing your company starts with safeguarding your identities. At the bare minimum, you should apply multi-factor authentication (MFA) to your administrative accounts. A better option is to require all users to authenticate using MFA. MFA requires that users sign in with more than just a password. The second form of authentication can be a one-time code from a mobile device, biometrics, or a secure FIDO2 key, among other options. MFA reduces your risk significantly because it\u2019s much harder for an attacker to compromise two or more authentication factors.<\/p>\n

<\/a><\/p>\n

Figure 1: You can use Conditional Access policies to define when someone is promoted to sign in with MFA.<\/em><\/p>\n

Secure privileged access<\/h3>\n

In a supply chain attack, adversaries attack your organization to gain access to data and applications that will allow them to tamper with your product or service before it reaches its intended destination. Bad actors want to infiltrate your build environment or the servers that you use to push software updates. To accomplish this, they often target administrator accounts. Securing your administrative accounts<\/a> is critical to protect your company resources. Here are a few steps you can take to safeguard these accounts:<\/p>\n