Expert View: Remote infrastructure is utilities’ Achilles Heel

Utilities are the unsung hero of the modern world. People rely on them intrinsically. Without them they can’t drink, communicate or stay warm. It’s also something they only really think about when the service is interrupted, and then there is an almighty uproar – underlining how critical they are.

However, despite this vital importance, it’s strange how many services are public facing. Banks hide money in well secured vaults, stores use CCTV and security. Yet utilities hide in plain sight; from internet cabinets on every high street to water pumps tucked away behind gates. Arguably, utilities companies are leaving themselves exceptionally vulnerable. Internet or power cabinets don’t have CCTV monitoring them – if someone wanted to cause havoc, all they need to do is take a heavy object to one and they’ll disrupt multiple people’s days and cost firms simultaneously.

In today’s world where the number of threats increase every day, the convergence of public-facing infrastructure combined with physical and cyber threats means a step change in approach is needed. Despite their importance, on-street cabinets don’t have the same protection afforded to many storage facilities, despite playing a crucial role in the network. In fact, there’s no audit trail – companies are invariably unable to trace who has had access as it’s done via mechanical locks. Despite innovation in 5G, fibre and demand-side response, there is still a very manual edge to asset protection.

So, we need to talk about asset management and protection, as this needs to be brought screaming and kicking into people’s attention. Maintenance is a prime example. Many outsource cabinet, facility or access management to a third party. However, few can prove it’s being completed, as there’s no form of access control. Someone might be seen on CCTV– but do they have the necessary credentials, or are they a bad actor intent on wreaking havoc? Access control is now commonplace in offices, flats, public services, so journeys can be tracked and traced. Why isn’t this being translated into all critical national infrastructure, not just the larger facilities?

It also needs addressing before we enter the next wave of smart cities. Take traffic cabinets – these are opened by a lock and key – not hard to prise open. Whilst humans would quickly work out if all the traffic lights were green and find a short-term (if not slightly grumpy) solution, driverless cars may not have the same intuition. If they are being told to go, it would immediately cause gridlock and possibly even collisions, as their computers would be overwhelmed – all due to a compromised cabinet.

Undiscussed but easy to solve, Genetec is working to put access management in place that stops this threat.