Why state and local agencies should consider cybersecurity in power management

Digital transformation is accelerating in government

State and local governments across the country are actively adopt digital technologies to improve citizen services, which has led many to move from a traditional centralized approach to a distributed model that leverages multiple locations to support IT requirements. Meanwhile, in many agencies, IT teams are leaner than ever, as changing demands increasingly require staff to respond remotely to emergency situations. Gone are the days when all IT sites had the luxury of having onsite support teams.

A parallel trend to many of these developments is the growth of the Internet of Things. According to Business Insider, the number of devices connected to the IoT will increase to 41 billion by 2027, up from around $ 8 billion in 2019. As this transformation unfolds, government institutions must take into account the cybersecurity challenge these new devices will present and ensure they are protected on all of their expanding networks.

These related trends, which have both accelerated amid the COVID-19 pandemic, require new approaches to power management and, in the case of the growth of IoT, are actually impacting the electrical equipment itself.

More and more IT teams are deploying connected power management infrastructure, such as uninterruptible power supplies (UPS), to enable remote monitoring and management that minimizes the need for on-site support personnel. While devices like inverters usually don’t come to mind when institutions consider potential cyber threats, the same could have been said for devices like HVAC units Where internet connected thermometers before they become the target of major attacks.

RELATED: How can security operations centers help state governments?

Tips for protecting your agency’s power management systems

The growing importance of cybersecurity has made it imperative for power management vendors to consider cybersecurity when adding connected capabilities to power management devices. Here are some ways that state and local IT officials can incorporate cybersecurity measures into their power management strategies.

• Use equipment that is secure by design. Many organizations responsible for setting global security standards are expanding and redefining their product cybersecurity certification processes for uninterruptible power supplies. There are various UPS network management cards on the market today that conform to the latest UL 2900-1 and ISA / IEC 62443-4-2 certifications that require robust cybersecurity capabilities and functionality. By purchasing power management products that meet these certifications, IT teams can benefit from the knowledge that their equipment uses the latest encryption, certification authority, and public key infrastructure technologies, in addition to configurable security policies.
• Improve your security solutions. Beyond protecting against ransomware attacks, state and local agencies may wish to deploy additional security measures, such as a network airspace, which is designed to keep a computer network physically isolated from insecure outside networks. . For these agencies, this could include the internet and / or local area networks, with the goal of keeping sensitive information out of the reach of hackers so that IT teams can focus their efforts on serving citizens.
• Make sure the firmware is up to date. For better protection against emerging threats, timely firmware updates are essential. Just watch the news of the recent discovery of Ripple20 vulnerabilities, which endangers billions of devices connected to the Internet. To properly protect power management equipment against these evolving threats, IT departments can deploy power management software and work with technology vendors to ensure systems have the latest patches. . Power management software can provide a smooth shutdown, which in the event of a prolonged outage will help IT teams save work in progress and prevent data loss.
• Seek to combine digital and physical security. Recent threats, such as those aimed at Amazon Web Services Data Center Infrastructure demonstrate that state and local agencies should also consider physical security when it comes to their cybersecurity strategy and planning. Placing protective devices such as smart security locks on IT racks helps secure power management devices and other equipment while allowing only authorized personnel access to these components.

Ultimately, state and local agencies and their respective IT teams should aim to develop a comprehensive plan for protecting electrical equipment, similar to plans for other systems connected to the Internet. The best strategies strike a balance between investing in inherently safe products and taking continuous action to ensure that equipment is up to date with the latest policies, procedures and assessments.

TO EXPLORE: What are the top five questions a cybersecurity assessment should answer?

The way forward to secure IT infrastructure

As internet-connected devices continue to proliferate, the public sector will continue to adopt new technologies that optimize efficiency and streamline day-to-day operations.

Amid this technological transformation, cybersecurity and IT teams will need to keep an eye on industry developments to ensure that power management equipment and other devices connected to the network have the latest certifications.

As their journey to protection evolves with the IT landscape, agencies can strive to stay ahead of the curve by implementing a comprehensive cybersecurity strategy, which incorporates power management.