Utility Week

Operations & Assets UTILITY WEEK | 5TH - 11TH APRIL 2019 | 21 Views from the speakers: 1. Tech speak must be translated into business language. 2. Machine learning can be used for cyber-defence. 3. An outcome- based approach trumps prescriptive regulation. 4. Utility companies must protect their customers from phishing attacks. 5. It is essential that moble devices are made secure. Five top takeaways Brought to you in association with: DMARC is a tool that, if it is used by both the sender and recipient, helps prevent "email domain spoofing" – or an attack in the form of an email disguised as legitimate. "It provides brand protection, people aren't able to pretend to be you on email. It also stops you receiving an email from an imposter," she said. DMARC is a government-mandated pro- gramme and Thomas was keen to point out that HM Revenue and Customs made a "significant impact" by deploying it. In doing so it went from being the fi€h-highest "phished" organisation to the 148th. Supply chain Protecting the supply chain in industry is another key cyber-security issue the utility sector faces. Mary Sabalis, head of business systems at South East Water, and her colleague Car- oline Gould, head of legal and data protec- tion, discussed the need to build a joined-up approach to mitigate the human risks in the supply chain. The pair posed questions for delegates. For example, do third parties use their own devices in the same way as their companies do? Failure to do so could result in a potential threat to security. Nik Beecher, VP for cyber-security and ICT at defence and security technology com- pany Leonardo, kicked off the a€ernoon with a discussion on securing a digital future. Beecher warned that with customers increasingly demanding to communicate with their utility suppliers digitally, the "attack surface" has become more complex. "Like it or not," he said, "digitisation is going to happen to us all." Stijn Paumen, VP of business develop- ment at Wandera, gave an insight into secur- ing "device-centric" security strategies for the modern workplace. In particular, Paumen spoke of the need to ensure that mobile devices are secure. He cited examples where seemingly safe mobile apps had caused security threats. "By the end of this year, one-third of all malware will be on a mobile device," he added. Simon Newman, chief strategy officer at the Police Digital Security Centre, spoke about monitoring the vulnerability of inter- dependent systems and assets. According to the latest statistics for Eng- land and Wales, there were a total of 4.5 mil- lion incidents of cyber-crime and fraud last year – just under half of all crime in the UK. Newman said that one of the challenges for the police is the underreporting of cyber- crime – just 13 per cent is reported to the relevant authorities. Dr Tadas Jakstas, project manager, The NATO Energy Security Centre of Excellence "Civilian and military interoperability in the cyber-domain should be enhanced." Marilise de Villiers, director, Marilise de Villiers Basson Consulting "People generally want to do the right thing, therefore we have got to focus on habits and how we allow those habits to become automatic." Nik Beecher, VP cyber security and ICT at Leonardo "Even though we think we've closed the loopholes, technology keeps opening them up again for us because we continue to want to be able to exchange information faster, quicker, easier, cheaper and that comes with its own risk." Andy Bates, executive director of EMEA Global Cyber Alliance "Let's try to translate the physical world and the world of criminals into this technological world, not just sit in an isolated little technical bubble."

• Cover