Page 76 - Cyber Defense eMagazine April 2021 Edition

The Cyber Risk

          Energy companies are known to be top targets for malicious actors—particularly those of the
          state-sponsored and “hacktivist” varieties. Outdated software at any level or layer of the ETRM solution
          architecture presents a security vulnerability that these cyber threat actors will seek to exploit. Oftentimes,
          older applications are incompatible with the latest, most secure operating system (OS), database (DB), and
          runtime software, so these key components can’t be upgraded either. A greater number of older components
          increases the potential attack surface, and the older they are, the more known exploits are
          available to any would-be hacker.

          This software patching “log jam” created by an out-of-date application results in situations like:

          •   Running older versions of Java, the .NET framework, etc.
          •   Using past versions of SQL Server or Oracle databases.
          •   Hosting the application and database on obsolete versions of Windows or Linux.

          In more extreme cases, this situation can spiral out to middleware software, custom integration, and
          touchpoints with third parties such as price data and measurement services. Custom code can be at an
          increased risk for exploits like credential stuffing or SQL injection, among others. Taken together, these gaps
          can leave your IT systems exposed to dozens, if not hundreds, of potential cyber exploits. The risk is not only
          that malicious actors could gain access to sensitive trading data or take a critical commercial and risk
          system offline, but also that the ETRM can be used as a platform to attack other assets on the business network.

          Mitigating Actions

          The obvious answer is to upgrade the ETRM system, but it can be challenging and time-consuming to build
          a benefits case, gain approval, and secure funding for a large project. While an organization considers the
          longer-term prospects of an upgrade or potential re-platforming initiative, below are steps that can be taken
          immediately to reduce the risk of a cyber incident.

          •   Apply the latest versions and patches of the OS and DB that are compatible with the ETRM
              vendor’s software—same for components and frameworks like Java and .NET.
          •   Harden your DB and application servers by removing unnecessary components and access, closing
              ports, limiting RDP/SSH to whitelisted IP addresses only, etc.
          •   Run vulnerability scans on your ETRM system’s servers and remediate identified issues by
              priority.
          •   Use secure connections running current cryptographic protocols such as TLS (Transport Layer
              Security)—note that SSL has been deprecated due to known vulnerabilities.
          •   Consider enabling data encryption in-transit and at rest (either in the DB or storage layer) where feasible.
          •   Conduct static and/or dynamic code analysis on all custom interfaces and components and
              remediate security defects by severity.
          •   Ensure that end-point protection is in place for all devices from the end-user’s system, through remote
              access like Terminal Server or Citrix, to the middle tier and database servers of the ETRM itself.
          •   Enable logging and leverage a SIEM (Security Information and Event Management) solution to detect
              unusual activity and provide early warning of a potential breach.
          •   Segment the network to put legacy systems in their own “box” where access to and from them can be
              limited to those individuals and systems that truly have a need.
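
As an added illustration of the hardening step above (limiting RDP/SSH to whitelisted IP addresses), the following Python sketch audits a list of inbound firewall rules and flags any that open SSH or RDP to a source outside the approved networks. It is an example added here, not code from the article; the rule format, rule names, and addresses are constructed sample data.

```python
import ipaddress

# Assumed management ports: SSH (22) and RDP (3389).
MGMT_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample data: allowlisted admin networks and inbound rules
# in a simplified (name, source CIDR, port or port range, action) form.
ALLOWLIST = ["10.20.0.0/24", "192.0.2.10/32"]
RULES = [
    ("etrm-db-ssh", "10.20.0.0/25", "22", "allow"),
    ("etrm-app-rdp", "0.0.0.0/0", "3389", "allow"),
    ("legacy-range", "10.30.0.0/16", "20-25", "allow"),
    ("jump-host-rdp", "192.0.2.10/32", "3389", "allow"),
    ("block-ssh", "0.0.0.0/0", "22", "deny"),
    ("db-listener", "10.30.5.0/24", "1521", "allow"),
]


def ports_in(spec):
    """Expand '22' or '20-25' into an inclusive range of port numbers."""
    low, _, high = spec.partition("-")
    return range(int(low), int(high or low) + 1)


def audit(rules, allowlist):
    """Return (rule name, service, source) for every allow rule that opens
    SSH or RDP to a source not fully inside an allowlisted network."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    findings = []
    for name, source, port_spec, action in rules:
        if action != "allow":
            continue
        src = ipaddress.ip_network(source, strict=False)
        covered = any(
            src.version == net.version and src.subnet_of(net) for net in allowed
        )
        if covered:
            continue
        for port, service in MGMT_PORTS.items():
            if port in ports_in(port_spec):
                findings.append((name, service, source))
    return findings


if __name__ == "__main__":
    for name, service, source in audit(RULES, ALLOWLIST):
        print(f"{name}: {service} reachable from {source}")
```

Port ranges matter here: the "legacy-range" rule never names port 22 explicitly, yet it exposes SSH because 22 falls inside 20-25.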












                   Copyright © 2021, Cyber Defense Magazine.  All rights reserved worldwide.