Good question. Cyber criminals and the threat of cyber attack are industry agnostic. For the utilities industry, though, the knock-on effects of a cyber attack are potentially disastrous for wider society (Die Hard IV, anyone?). With a complete reliance on electricity, the national electric grid is of paramount importance to the nation, and therefore a prime target for cyber attack.
On Tuesday, senior figures from the US utility world convened to discuss how they could protect the North American electric grid from cyber attack. The Bipartisan Policy Center (BPC) convened this joint Electric Grid Cyber Security Initiative with Homeland Security and the Edison Electric Institute.
The day of talks and workshops highlighted the types of cyber security challenges the industry faced and sought to propose ways to ensure protection.
Utility companies agreed that whilst their preparations for natural disruptions and excessive demand were solid, cyber attacks were a relatively new consideration for them.
Chris Peters, VP for critical infrastructure protection for Entergy (a nuclear power plant operator), commented: “We have to treat the cyber threat with the same respect we do to the forces of nature… We have to fund it, we have to staff it, and we have to be ready to respond as necessary.”
Spread out across the country, across multiple sites, the electric grid is extremely vulnerable to cyber attack. With our complete reliance on technology, any interruption to the electric grid for any sustained amount of time would have huge effects on businesses, transport, the economy; the list is endless.
But what can utility companies do to protect themselves?
Well, ISO/IEC has just published its latest information security standard, ISO 27019: Information Security for the Energy Utility Industry. The standard provides guidance for organisations working within the energy industry to implement an information security management system (ISMS) that meets the requirements of ISO 27001.
The scope of the standard covers all digital process control systems used by the energy utility industry for the control and monitoring of all the stages of energy generation, storage and distribution.
There is a real need for the utility industry to start developing robust cyber defences, and quickly. ISO 27019 would seem like a good starting point.