Utility Week - authoritative, impartial and essential reading for senior people within utilities, regulators and government
Issue link: https://fhpublishing.uberflip.com/i/1100062
20 | 5TH - 11TH APRIL 2019 | UTILITY WEEK Operations & Assets Cyber Security and Resilience Conference City Road Conference Centre, London, 12 March 2019 Working together to tackle cyber-threats Data sharing and collaboration were just two of the key themes discussed at this year's Utility Week Cyber Security and Resilience Conference. Adam John was there. C ollaboration was a hot topic at the 2019 Cyber Security and Resilience Conference, as delegates from across the utilities' spectrum gathered to discuss future-proo• ng assets against the threat from cyber-attacks. A• er the conference was opened by Andy Bates, executive director of EMEA Global Cyber Alliance, Steve Trippier, CISO at Anglian Water, spoke about the future land- scape of cyber-security and resilience in the sector. Trippier said that although the indus- try does collaborate, it is not enough by a "really long way". "We do quite a lot of collaboration with water, we do a lot of active threat intelligence sharing, we have a strategy board that is trying really hard to set some direction and to help each other – we do a lot of helping each other. But it's actually not enough, not enough by a really long way," he said. Culture change Cultural changes in the workplace were also discussed. Marilise de Villiers spoke about the need for "techy speak" to be translated into business language to ensure cyber- Andrew Tsonchev, director of technology at Darktrace, a leading machine learning company in cyber-defence. Tsonchev talked about the cyber-security of the Internet of Things in critical national infrastructure. He discussed the "immune system approach" – similar to the way the human immune system works, but in cyber- security arti• cial intelligence (AI) machine learning is inserted into technological systems to root out harmful material. "This is the idea that we are trying to push people to, when it comes to security, take seriously the vast, promising potential that AI machine learning has to enable this kind of approach," he said. EDF Energy's security case and strat- egy development manager, Steve Rumbold, began the second session by talking about creating and implementing advanced but cost-e• ective risk and security management frameworks. Outcome-based approach Using security at Hinkley Point C as a case study, Rumbold said taking a more outcome- based approach towards nuclear regulation had resulted in savings. He said: "When I • rst started, the regulations were really prescriptive, some countries are still like that, but what it did was impose unnecessary cost – sometimes where we didn't think we needed what was actually in the book. "Critically for me it inhibited the whole profession because people were lazy and just thought: 'It says it there so I will just do that.' We are a long way from that. "We now have security assessment prin- ciples which are outcome-based, we have to achieve certain outcomes, how we do it is up to us. "That was very much co-developed with the industry. They were like the safety assess- ment principles, we weren't completely re- inventing the wheel. "The bene• ts of that is we have got more proportionate controls, we can make savings there and we have done." Gone phishing Protecting customers from phishing attacks has been a key priority for utility companies, and Gill Thomas, assistant director, EMEA, for outreach at the Global Cyber Alliance gave a presentation on the bene• ts of using Domain-based Message Authentication, Reporting & Conformance (DMARC) as a way of preventing such attacks. Multiple studies have shown that more than 90 per cent of all online attacks start with a phishing email. literacy and resilience was on the agenda for executive management. She said: "My point of view and what I passionately believe is that organisations and society can only become truly secure if we strengthen the so-called human • re- wall and make people our strongest defence against cyber-attacks." De Villiers, founder and director of Marilise de Villiers Basson Consulting, said companies should not try to "reinvent the wheel" but should instead utilise the existing safety culture when implementing cyber-security systems. For the day's third talk, delegates were immersed in the world of international defence as Dr Tadas Jakstas, project manager at The NATO Energy Security Centre of Excellence, took to the stage. Jakstas spoke about how NATO imple- ments strategies to reduce the risk of cyber- attacks and organises its structure, taking a collaborative approach to cyber-defence. "Looking at the future, training and education is and will be a key to enhancing NATO cyber-resilience," he added. Rounding o• the • rst session was