News

Cybersecurity Management You Need to Know

The first computer virus was detected in 1970, and the cybersecurity threat to our nation’s utilities has continued to gradually increase since then, most significantly in the recent decade. As Industrial Control Systems become progressively more online and the Internet of Things works to improve efficiencies and service, more doors are opened for cybersecurity issues. Effective strategies to combat these threats should be based on rules, enforcement and awareness.

Much like the importance of safety regulations, a focus on cybersecurity in today’s climate is paramount. Whereas it is naïve to think that any industry is beyond attack, there are measures that can and should be taken to avoid incidents.

To manage the risk of cybersecurity threats, there are several strategies to consider.

Consistent Focus – Organizations who make cybersecurity a consistent part of doing business have less vulnerabilities to an attack. Both a focus on the corporate side and the third-party/supply chain must be prevalent.

Improved Training – Regular, effective training is key to ensuring that awareness and vigilance remain heightened throughout the company culture.

Top-Down Direction – In order to improve stickiness of training and perpetuate the importance of diligence, cybersecurity efforts should begin in the boardroom.

Evaluation – Companies are urged to take advantage of resources such as those provided by the EPA and other third-party reviews to assist with vulnerability evaluation and response plan development.

Be on Guard – It is vitally important that companies provide constant reminders of the dangers of phishing emails and removable media. Phishing emails have become more and more sophisticated and can be incredibly deceiving if focus is not present. Removable media should never be connected to a company system. For instance, a USB port found in a parking lot can pose just as much risk as one provided free at a trade show.

Safety Campaigns – Companies that develop ongoing initiatives, including moments of awareness and stories that make cybersecurity a frequent topic of conversation, better maintain awareness and diligence throughout.

NERC Events – Participation in simulated attack experiences and annual conferences through The North American Electric Reliability Corporation (NERC) provides hands-on opportunities to practice response plans and evaluate where improvements are needed.

Healthy communities rely on the availability of clean drinking water and sanitary wastewater treatments. By heightening awareness and maintaining a focus on preparedness, our industry will be better positioned to keep our communities safe.

 

Sources:

https://www.epa.gov/homeland-security-research/water-system-security-and-resilience-homeland-security-research

https://www.utilitydive.com/news/5-ways-the-utility-industry-can-mitigate-cyber-incidents/523284/

https://blog.devicemagic.com/the-utilities-industry-in-2018-what-you-need-to-know