State and Local Agencies: Consider Cybersecurity in Power Management

Over the last year, ransomware threats have dramatically increased, leading to many high-profile attacks against state and local agency networks. Threat actors are becoming more and more sophisticated, making it more difficult for common defenses to stand up against them. You may be looking into ways to bolster your network infrastructure to do what you can to avoid such an attack happening to your agency. 

One commonly-overlooked area is power management, where increasing connectivity has paved the way for gains in efficiency and disaster avoidance. With increased connectivity, though, comes increased ways for threats to enter your system. This is one crucial area to investigate when securing your network against cyberattacks. In this article from James Martin, Global Connectivity Product Manager at Eaton, you'll learn how power management plays into cybersecurity and what steps you can take to protect your agency. 

Digital Transformation Accelerates in Government

State and local governments across the country are actively adopting digital technologies to improve services for citizens, leading many to make the shift from a traditional, centralized approach to a distributed model that leverages multiple locations to support IT requirements. Meanwhile, at many agencies, IT teams are leaner than ever, while evolving demands make it increasingly necessary for staff to respond remotely in emergency situations. Gone are the days where all IT locations had the luxury of onsite support teams. 

A trend running parallel to many of these developments is the growth of the Internet of Things. As this transformation unfolds, government institutions must consider the challenge these new endpoints will present for cybersecurity and ensure they’re protected across their expanding networks.

These related trends, both of which have accelerated amid the COVID-19 pandemic, require new approaches to power management and, in the case of IoT growth, actually impact power equipment itself.

More IT teams are deploying connected power management infrastructure, such as uninterruptible power supplies (UPS), to allow remote monitoring and management that minimizes the need for onsite support staff. While devices like UPS may not traditionally come to mind when institutions consider potential cyberthreats, the same could have been said for devices like HVAC units or internet-connected thermometers before they became targets for major attacks.

Tips for Protecting Your Agency's Power Management Systems

The growing importance of cybersecurity has made it imperative for power management providers to consider cybersecurity when adding connected capabilities to power management devices. Here are a few ways state and local government IT managers can incorporate cybersecurity safeguards into their power management strategies. 

• Use equipment that's secure by design. Many of the organizations responsible for setting global security standards are expanding and redefining their processes for certifying the cybersecurity of products as it relates to backup power devices. On the market today are various UPS network management cards that comply with the latest UL 2900-1 and ISA/IEC 62443-4-2 certifications that require robust cybersecurity capabilities and features. By purchasing power management products that meet these certifications, IT teams can benefit from knowing their equipment uses the latest in encryption, certificate authority and public key infrastructure, in addition to configurable security policies.
• Level up your security solutions. Beyond protecting against ransomware attacks, state and local agencies may wish to deploy further security measures, like a network air gap, which is designed to keep a computer network physically isolated from unsecured outside networks. For these agencies, that could include internet and/or local networks, with the objective of keeping sensitive information out of the hands of hackers so that IT teams can focus their efforts on serving citizens.
• Ensure firmware is up to date. To best protect against emerging threats, it is critical to make timely firmware updates. Just look at news of the recent discovery of Ripple20 vulnerabilities, which put billions of internet-connected devices at risk. In order to properly secure power management equipment against these evolving threats, IT departments can deploy power management software and work alongside technology providers to ensure systems have the latest patches. Power management software can offer a graceful shutdown — which, in the case of an extended outage, will help IT teams save work in progress and prevent data loss.
• Look to combine digital and physical security. Recent threats, such as those to Amazon Web Services’ data center infrastructure demonstrate that state and local agencies should also take physical security into consideration when it comes to their cybersecurity strategy and planning. Place safeguards like smart security locks on IT racks help to keep power management devices and other equipment secure while allowing only authorized personnel to have access to these components.

Ultimately, state and local agencies and their respective IT teams should aim to build a comprehensive plan for protecting power equipment, similar to plans for other Internet-connected systems. The best strategies strike a balance between investing in inherently secure products and taking ongoing measures to ensure equipment is up-to-date with the latest policies, procedures and assessments. 

The Road Ahead for Securing IT Infrastructure 

As internet-connected devices continue to proliferate, the public sector will continue to adopt new technologies that optimize efficiency and streamline day-to-day operations. Amid this technological transformation, cybersecurity and IT teams will have to keep tabs on industry developments to ensure power management equipment and other network-connected devices have the latest certifications. As their journey toward protection evolves along with the IT landscape, agencies can work to stay ahead of the curve by implementing a comprehensive cybersecurity strategy — one that incorporates power management. Get started by learning about Eaton's products with your local Accu-Tech representative.