5 Key reasons why Utilities fail at Cybersecurity
An attack against the OT environment can result in a shut down — or worse, a safety event. We, at Prospero Events Group, have been helping Cyber & OT security experts from the European power & utility industry benchmark best practices for the past 7 years, and these we have learnt to be the key challenges they face.
Are you an OT or cyber security professional in the power & utility sector? Are these the key challenges you face in keeping your critical infrastructure secure?
Legacy OT Systems
The majority of Power & Utility companies use legacy OT systems that were not built with security in mind. Many of these systems are still running well past the end of life of their operating systems, making it hard to secure them against current threats.
Exposure to Threats from Digitalization
The utility industry is aggressively embracing digitalization for operational efficiency and, in the process, exponentially increasing the points exposed to threat. Every device and sensor deployed, from a remote sensor at a wind farm to an IoT component in EV Charging Station could be a potential point of attack for hackers.
The weakest link in the cybersecurity strategy is the people themselves. Lack of a security culture means that the people operating OT systems are not aware of the threats out there and could unknowingly put the critical systems at risk. The power & utility industry is not alien to attacks carried out by insiders either.
Standards ≠ Security
Critical Infrastructure Protection (CIP) in North America and Network and Information Systems (NIS) and other directives in Europe outline the standard for organisations to improve cyber-resilience. However, simply complying with security standards does not ensure security. Also, not all organisations are in compliance 100% of the time.
The Skill Gap
There is a worldwide shortage of skilled personnel capable ofdeveloping and analyzing OT cyber security. Employing professionals with the skills and the experience to strengthen and maintain the OT and IT systems’ defenses remains a challenge for the power & utility industry as well.
There is no such thing as a silver bullet to tackle the potential threats. However, you do not need to reinvent the cybersecurity wheel yourself either; you can learn the best-practices from those who do it the best. On 24–25 September 2020, Prospero Events Group brings together the best minds in Cyber and OT security in the European Power & Utility Industry at the 7th Cyber & SCADA Security for Power & Utilities 2020. CISOs, ISOs, Chief Cyber Security Architects are joining from Engie, Vattenfall, Innogy, Vestas, Israel Electric, Swissgrid, EnBW, Omicron, Claroty sharing experiences and best practices in a virtual forum designed to interact and exchange ideas.