Defending power management equipment in an era of more connectivity
By James Martin, Global Connectivity Product Manager, Eaton
It’s well understood that as digital evolution continues opening doors for greater connectivity of devices, enterprises must ensure that new potential entry points are protected from potential cyber attackers. Businesses that strike this balance stand to capitalize on IoT while reaping the benefits from advancing solutions like predictive analytics to help streamline operations and make more proactive, data-driven decisions.
Power devices are becoming a bigger priority for cyber defense as enterprises bring them into their expanding network infrastructure. Earlier this year, the Cybersecurity and Infrastructure Security Agency and the Department of Energy issued a warning concerning network-connected uninterruptible power supply (UPS) devices, urging organizations to take steps now to stave off potential attacks.
Enterprises should evaluate their current cybersecurity game plans now and incorporate power management, considering the steps that follow.
Assess current readiness
Protecting power devices can not only boost enterprises’ cyber defenses, but also strengthen trust with their customers. Gartner predicts that by 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements. Having a well-rounded cybersecurity approach that includes power management can serve as example to customers or partners that an enterprise takes network threats seriously across the board.
Global safety standards offer a strong benchmark for IT teams to work from when deploying power devices and solutions. Underwriters Laboratories (UL) and the International Electrotechnical Commission (IEC) provide important guidelines for the implementation of appropriate cybersecurity safeguards in network-connected devices, including those in the power management space. Deploying UPSs with network management cards that carry UL 2900-1 and ISA/IEC 62443-4-2 certifications can give teams peace-of-mind that their devices were developed with cybersecurity in mind.
Employ best practices
In addition to leveraging power management solutions with baked-in cybersecurity capabilities, enterprises should use best practices with power management technologies that apply across an interconnected network. Examples include using firewall and industrial security solutions as well as encrypting information; conducting routine security assessments; regularly updating antivirus software and antispyware; using advanced email filtering; establishing powerful password policies and end point protection; and offering employees cybersecurity awareness training.
Enterprises should also look to execute remote firmware updates to keep current with the latest features. Selecting power devices that require cryptographic signatures for all firmware updates can help IT teams avoid cybersecurity risks. Additionally, looking for vendors that offer 24/7 monitoring across converged IT/operational technology (OT) environments will add an extra layer of protection and visibility for critical infrastructure.
Although primarily developed to monitor and manage power devices – as well as gracefully shut down critical loads during outages – power management software can also be used to provide an inexpensive, highly viable air gap solution. This measure helps keep secure networks physically isolated from unsecured ones including the Internet. Organizations such as Grandeur Housing use this method to safeguard against ransomware attacks while enhancing overall cybersecurity.
Embrace the evolution
By leveraging power management software, enterprises can stay on top of emerging cybersecurity threats like the Ripple20 vulnerabilities, which surfaced during the early days of the pandemic and put many internet-connected devices in jeopardy. Power management software allows IT teams to keep up with the latest patches and secure their power management components from Ripple20 and other new threats that develop.
Enterprises may also find it useful to partner with technology and solutions providers that demonstrate an ongoing commitment in protecting against cybersecurity risks as the proliferation of smart, connected devices link together more elements of IT operations. A key advantage that comes with this
type of collaboration is the ability to continuously monitor distributed networks and make necessary updates quickly as new threats are identified.
Some enterprises could be tempted to overlook physical security when it comes to protecting power devices and other IT equipment. However, this should be given careful consideration since attackers can use physical infrastructure to target critical data. Measures such as putting smart security locks on IT racks can be helpful to ensure only authorized personnel have access to these components.
Secure for the future
Enterprises will need to get used to the concept of weighing cybersecurity capabilities for their power management equipment, as this will only grow in importance as IT infrastructure becomes more interconnected. Every network access point needs to be safeguarded from potential cyber threats. By securing power devices as part of a full network defense, enterprises and their IT teams can have peace of mind knowing that they aren’t enhancing connectivity at the expense of cybersecurity.
About the Author
James Martin is the global connectivity product manager at Eaton. He has promoted Eaton’s software and connectivity solutions for the past 10 years and built trusted technical adviser relationships with channel partners, field sales, and sales operations. James can be reached online at (firstname.lastname@example.org) and at our company website https://www.eaton.com/us/en-us.html?percolateContentId=post%3A1