How to mitigate cyber risks in power equipment

Dec. 27, 2022
Don’t underestimate the importance of safeguarding power management devices as network connectivity increases.

In a year where cyber attackers have launched a multitude of high-profile attacks, power devices have moved to the forefront of cybersecurity priorities.

This shift reached an inflection point in 2022 the Cybersecurity and Infrastructure Security Agency (CISA). And the Department of Energy issued a warning around network-connected uninterruptible power system (UPS) devices and urged organizations to take steps to help mitigate potential threats that could impact business operations. 

While the warning might have caught some off guard, it’s no surprise considering how much more interconnected IT equipment has become in recent years. More connection points mean more potential avenues to attack, and enterprises should incorporate power equipment as part of their holistic, end-end-cybersecurity strategy to protect against potentially crippling threats.

Obstacles Create Opportunity

As business of all sizes embrace greater connectivity, many are bringing power devices into the mix as part of their digital infrastructure. Leveraging network-connected UPSs allows IT teams to integrate these devices with software, services, and other IT assets to advance remote management and monitoring capabilities. These components should be safeguarded against potential threat actors just like every other network access point.

By taking measures to protect power devices from breaches, enterprises have an opportunity to both improve cybersecurity and build greater trust with customers. Gartner predicts that by 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.

Having a well-rounded cybersecurity approach that takes power management equipment into account can serve as example for customers or partners that an enterprise takes network threats seriously across the board.  

Steps to Secure Backup Power Devices

To ensure a comprehensive cybersecurity strategy, enterprises should aim to align people, processes and technology to enable multiple levels of protection. There are a several steps for IT teams to consider to secure power devices as part of their ongoing defense strategy.

1.      Use the right tools: Global safety standards organizations, including Underwriters Laboratories (UL) and the International Electrotechnical Commission (IEC), provide important guidelines for the implementation of appropriate cybersecurity safeguards in network-connected devices, including those in the power management space. Deploying UPSs with network management cards that carry UL 2900-1 and ISA/IEC 62443-4-2 certifications can give operators peace-of-mind that their devices have built-in capabilities to protect against breaches. 

2.       Keep the foundation secure: Enterprises should seek to execute remote firmware updates to keep current with the latest features. Selecting power devices that require cryptographic signatures for all  firmware updates can also help IT teams avoid cybersecurity risks. Additionally, looking for vendors that offer 24/7 monitoring across converged IT/operational technology (OT) environments will add an extra layer of protection and visibility for critical infrastructure.

3.       Employ best practices: Along with taking strategic measures to protect devices like UPSs from potential threats, there are some general best practices that should be implemented across broader connected infrastructures. This includes using firewall and industrial security solutions, as well as encrypting information; conducting routine security assessments; regularly updating antivirus software and antispyware; using advanced email filtering; establishing powerful password policies and end point protection; and offering employees cybersecurity awareness training.

Physical security measures, including the use of security locks on IT racks, can also help to ensure that only authorized personnel have access to IT equipment. And as the proliferation of smart, connected devices link together more elements of IT operations in distributed networks, it will be helpful to partner with technology and solutions providers that demonstrate an ongoing commitment in protecting against cybersecurity risks.

Monitoring an Evolving Landscape  

By leveraging power management software, enterprises can stay ahead of emerging cybersecurity threats. The importance of this capability has been illustrated in numerous risks that been identified in recent years – such as the Ripple20 vulnerabilities that put countless internet-connected devices in danger during the early days of the pandemic. 

To secure power management components against Ripple20 and other new threats that develop, IT teams should look to ensure their systems remain up to date with the latest patches. If necessary, IT and cybersecurity professionals can also work with their technology service providers to embed necessary patches or solutions as new threats are identified.

Although primarily developed to monitor and manage power devices – as well as gracefully shut down critical loads during outages – power management software can also be used to provide an inexpensive, highly viable air gap solution. This measure helps keep secure networks physically isolated from unsecured ones including the Internet. Organizations such as Grandeur Housing use this method to safeguard against ransomware attacks while enhancing overall cybersecurity.

Power management software has the capability to integrate with Windows operating systems and common virtualization systems, which makes it easy for IT teams to automatically discover and monitor common power infrastructure and IT equipment. Some solutions can also be customized to trigger specific actions on a customized schedule in alignment with devices like UPSs and power distribution units (PDUs).

Built to Last

Enterprises are seeing many benefits from the advances being made in technology. Innovation in connectivity and IoT devices is paving the way for solutions like predictive analytics which are helping teams streamline efficiency and make more proactive, data driven decisions.

However, with increasing connectivity comes a heightened need for safety as hackers will always be looking for a vulnerability to exploit. Enterprises can stay steps ahead by securing power devices as part of a comprehensive, evolving cybersecurity strategy.

James Martin is global connectivity product manager at Eaton. He has promoted Eaton’s software and connectivity solutions for the past 10 years and built trusted technical adviser relationships with channel partners, field sales, and sales operations.