Utility Week

22 | 20TH - 26TH MARCH 2020 | UTILITY WEEK Customers Roundtable Cyber-security and Resilience, London, 27 February 2020 I t was just days before the country finally found itself locked in the full grip of the Coronavirus emergency when a group of cyber experts from across the utilities indus- try and beyond sat down to talk about the importance of security and resilience for critical national service providers. The delegates at the Utility Week roundta- ble, sponsored by Leonardo and Darktrace, included senior players with the daunting responsibility of keeping the country's power and water sectors operating, both in busi- ness-as-usual periods of "peace time", as they called it, and during "war time" periods of a heightened state of alert. While all had varying remits when it came to their organisations' operational technology (OT) and information technology (IT) systems, there was consensus that grow- ing a better cyber awareness culture within utilities was now becoming imperative. They also agreed that IT and OT security functions were converging, and that chang- ing mindsets across companies' "carpeted" and "uncarpeted" environments was critical to meeting developing demands. Fast-forward just two weeks and those words feel more timely than ever, as increas- ing numbers of people work remotely due to COVID-19 and staff absences at site locations rise. The pandemic will be a huge test for the cyber resilience of every company and not least for lifeline service providers, utilities. How do you create a culture of cyber awareness? Being proactive is key to the awareness mes- sage, agreed delegates, including involving all teams, sharing knowledge of connected systems and nurturing cyber security champions. Because while digital transfor- mation offers a myriad of technology pos- sibilities, securing the integrity of systems is an increasing challenge as safety-critical environments become ever more open. Achieving buy-in from the board on cul- ture is key. "While it can be fairly easy to reveal the technology solutions that may pro- duce, mitigate or avoid a certain risk," said one delegate, "oŠen the process-based risks around people are not captured on a risk reg- ister. Getting a board to invest in something where you can't tangibly articulate how it's going to affect certain risk is very difficult. But it has to be done." The growth of regulation and governance in the sector is helping to drive the corporate acceptance of a need to elevate standards – although the experience around the table was that this didn't necessarily mean that managers could simply ask the board for more money to help. So, taking the workforce with you by helping them contextualise the policy with their business as usual (BAU) activity, although a simple approach, could be game- changing solution. "Too oŠen, this isn't the On the agenda: The Utility Week roundtable on cyber-security and resilience, sponsored by both Leonardo and Darktrace, featured a range of delegates from the utilities and IT space, who focused on three key agenda areas: • Creating cyber-awareness in the organisation • Maintaining trust a•er a breach • Preparing for tomorrow's risks • This discussion was conducted under Chatham House rules Preparing for tomorrow's challenges Cyber-security and resilience are watchwords for every organisation, but how are utilities approaching the increasing threat and what do they consider the greatest risks of tomorrow? Industry experts gathered for a roundtable to discuss concerns and share best practice, as chair Suzanne Heneghan reports.

• Cover