Vertical Markets

Utilities’ cyber report

by Mark Rowe

Why wait for a cyber catastrophe to prepare for a cyber attack? asks an audit firm. EY has brought out its Power and Utilities Global Information Security Survey 2017-18 (GISS). The firm says that the utilities’ sector cybersecurity function does not meet their needs. The survey also finds that 58pc of sector respondents anticipate difficulties in monitoring the perimeter of their digital ecosystem, compared with 36pc across all sectors.

The auditors say that it is becoming more challenging for utilities to map their digital environment. The report highlights that an increasingly fragmented energy value chain, plus the rise of microgrids and distributed energy resources, make it difficult to understand and manage risk. Despite the rising threat level, however, 85pc of respondents say they do not have a robust incident response program that includes regular crisis scenario testing.

Matt Chambers, EY Global Power & Utilities Risk and Cybersecurity Leader, says: “An expanding digital ecosystem with potentially millions of networked access points is exposing utilities to more sophisticated and frequent cyber attacks, which have the potential to disrupt critical infrastructure. Utilities are particularly attractive targets for state-sponsored actors in politically unstable regions. It is little surprise, therefore, that they are more worried than ever about the breadth and complexity of the evolving threat landscape.”

A heightened perception of risk owing to the increased adoption of digital is reflected in the report. Falling from 19pc of sector respondents last year, only 6pc now say they are confident that they have fully considered the information security implications of their current strategy, and that their risk operating model incorporates and monitors cyber threats, vulnerabilities and potential impacts. And only 17pc prioritize protection of non-IT “crown jewel” assets, while nearly a quarter (23pc) still do not have a security operations center.

Chambers says: “While utilities may feel more confident about confronting threats that have become familiar in recent years, they still lack the capability to deal with more advanced, targeted assaults. To be cyber resilient, utilities must embrace an enterprise-wide risk management strategy that includes review and adoption of leading practices against evolving threats using a multilayered approach across a proven framework for managing cybersecurity.”

The report also finds that 44pc identify budget constraints as a key barrier to responding to cyber attacks. Nearly a third of respondents (29pc) say they would need more than a 25pc increase in budget to achieve management’s desired level of risk tolerance, yet only 9pc expect to receive a budget increase of that scale in the next 12 months. Meanwhile, 62pc believe that an attack that didn’t cause harm would be unlikely to prompt an increase in budget.

Chambers says: “Often, the people responsible for security lack influence with senior management and struggle to articulate the risk in order to obtain additional investment. This reinforces the need to elevate security to an enterprise-level risk and become an integral part of the utility’s overall strategy.”

Most (85pc) of power and utilities respondents consider careless members of staff as the most likely point of weakness to attack. Almost half (48pc) also believe that their risk exposure related to vulnerabilities from social media usage has increased over the last 12 months, compared to just 8pc last year.

Related News

  • Vertical Markets

    FM trends

    by Mark Rowe

    The two disciplines of physical and cyber security are rapidly converging, says Iain Murphy, Corporate Security Director and Global Security Consultancy Practice…

  • Vertical Markets

    Kings hosts Yorkshire hub

    by Mark Rowe

    Kings Secure Technologies is the host for the Cross-sector Safety and Security Communications (CSSC) North East and Yorkshire hub, covering Northumberland, Cleveland,…

  • Vertical Markets

    Transec speakers

    by Mark Rowe

    The Transport Security Expo will this year be delivering more conference and seminar sessions than ever, on transport security sectors – Aviation,…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing