Cybersecurity is hard enough when nothing is on fire.
During extreme weather events, which the Department of Energy refers to as contingency events, recovery efforts at power facilities require rapidly expanding the number of people with access to networks. Those efforts can also force enterprises to relaunch out-of-date machinery or accelerate the schedule of new installations. It's not only a period of tremendous stress for the energy sector, where lives depend on urgency; it's also a period in which malicious actors can take advantage of the chaos to gain unwarranted access.
"Hackers are beginning to become aware of the fact that vulnerabilities may be exposed during a triage period that would not normally be exposed," said Duncan Greatwood, CEO of zero trust vendor Xage. "But, it's not just that you're running with the additional risks, but with new people, you actually have a higher level of scrutiny by hackers during a contingency event than you would during normal times."
Xage announced Wednesday it had secured a DoE contract to develop a zero-trust solution for remote terminal units and switches to support emergency technicians during contingency events.
The anomalously severe Texas power outage in February required tens of thousands of emergency technicians to work across the grid. That can be a rapid jolt to a credential system that during normal times can sometimes amount to little more than distributing a list of passwords across a small, vetted workforce.
"When it goes into contingency situations, it really becomes incredibly difficult just to get access to those hundreds or thousands of people that may be coming in to help. Often the way that it's done in practice is that the permanent employees are handing over their list of passwords and access methods temporarily to the people coming in, and that obviously creates a huge bunch of security risk around," said Greatwood.
Xage will be providing a rapidly scalable zero-trust solution that can quickly credential hordes of temporary staff during an emergency and quickly eliminate those accounts after they leave.
But, said Greatwood, the zero-trust environments they provide could be useful beyond the stated purpose of emergency weather. They could be a boon year-round to renewable energy systems, which can be more distributed.
"If you have 100 solar farms, you don't need every technician to have access to all the 100 farms," he said.