It will come as no surprise that energy and utility companies, as part of our Critical National Infrastructure (CNI), are increasingly among the services most targeted by cyber-attacks*. This trend shows no sign of declining, as these organisations have become high-value targets for those looking to gain financial or political advantage, disrupt national security, impact public safety and the economy, or simply cause chaos.
Many of the transformational changes that energy and utility organisations are currently undertaking through digitisation, the expansion of ‘Smart Grid’ systems, and Industrial Internet of Things (IIoT) technologies such as Smart Metering are increasing the attack surface and the risk of cyber-attacks on critical infrastructure and across the energy supply chain.
To help combat these risks, the European Network and Information Security (NIS) directive was introduced in May 2018. It mandates that companies operating within the critical infrastructure sectors adopt specific technical and organisational measures to manage threats to their Operational Technology (OT) networks. If there is a major safety or environmental incident and a company is deemed non-compliant with NIS because it did not take the minimum steps to prevent such an attack, it may be held negligent and financially liable. In the UK, non-compliant companies can be fined up to £17m, or 4% of global turnover.
*40% hit by malware at least once in the second half of 2017 - Kaspersky Lab report
Three key steps to secure your OT network
Tackling Industrial Control System (ICS) security challenges is a complicated operation. Listen to our webinar ‘Three key steps to secure your OT network’ and learn from Scott Cairns, T-Systems Northern Europe CTO, how you can adopt a practical approach to building a strong foundation to protect your critical business systems.