Electric utilities: what about their cyber resilience?
Electrosuisse has surveyed small and medium-sized electricity companies to determine their ability to meet the threats of the digital age.
More and more SMEs are realizing that they, too, are neither too small nor too unattractive to cyberattacks. Especially for companies in critical infrastructures such as energy and water supply, the management of digital risks is of very special and increasingly existential importance. Electrosuisse wanted to use its Study wanted to know the state of "cyber resilience" at small and medium-sized power plants, and conducted a "Cyber Security Quick Assessment". Plant managers and IT and OT or cyber security managers at 30 plants with 4 to 600 employees were surveyed.
Protective measures are in the foreground
It was pleasing to note that cyber security is addressed to a greater or lesser extent at all electricity utilities, even if the task is still not tackled very systematically at the smaller ones. While the majority of medium-sized power plants are doing relatively well in terms of cyber security, and even very well in some areas, the small, local power utilities in particular have a lot of catching up to do in many disciplines.
Especially at smaller plants, more attention is paid to protection than to the detection of digital security incidents and the ability and willingness to respond to them quickly and appropriately. Plants with more than 60 employees have largely recognized that, in addition to multi-layered protection measures, effective and delay-free detection of security incidents, a timely and appropriate response to them, and the restoration of secure operability within a useful period of time are important elements of a holistic cyber security strategy.
A safety culture is needed
In this context, the human factor as biggest weakness also have a corresponding role to play. Increased investment in comprehensible and practicable guidelines as well as regular, systematic training of employees should not be considered a luxury. Security needs not only technical solutions, but above all a security culture. (ots)