Utility Week

UTILITY WEEK | 20TH - 26TH MARCH 2020 | 25 Customers one speaker "there comes a point where you say we can't try to protect against that. It goes above and beyond what we're capable of. So, we say we can protect and respond up to this level." Protecting against the risks of tomorrow "Threat modelling is the future if you are to really understand the cyber risks to your organisation," said one speaker. And also, knowing about the adaptability of your tech- nology – although this is not proposed as a sustainable solution in the long term. Another speaker spoke of how his com- pany had helped build an alliance with key stakeholders, to collaborate on connect- ing systems and see just what a good future could look like. A key question considered by the group was how could you "virtualise" a PLC? "Could it help rebuild systems quicker in an attack scenario," asked one delegate, "if you could get another control room off the shelf? When you look at some of the scalable technology, could something be done in this space in the future? "I think the cloud has got a role to play, although you are still going to have physi- cal equipment at physical locations. But shouldn't you have the situation where a back-up control system is being replicated to the cloud in real-time?" "I think we can say with confidence the only way is cloud," a fellow speaker responded. Another added: "In terms of centralising data lakes – that's the cloud, because the resources are there for that. But I think with the advent of fog computing, we become more efficient with use of network and therefore less vulnerable to attack." Protecting against the "accidental insider" will continue to pose risks, agreed the forum, although processes to help stop non-subversive employees making mistakes will likely become more robust, as malicious external forces try to increasingly exploit human error – another key reason for grow- ing cyber awareness. We can also expect to see monitoring of privileges and retrospec- tive checking stepped up. Decentralisation of the energy system will also bring the need for stronger monitoring capabilities in the future. "If you have commonality, then that can be compromised. We will need to know more about what's going to be outside of our direct control, but what we will begin to rely upon because it has critical mass penetration," said one provider. "Tomorrow's threats are going to be low- cost commodity hardware in the IoT space,' said another guest. "Tens of thousands of them. They are going to be in every home and very accessible to the outside world. A big question will be, how can we ensure these things are secure?" All of us care about our environmental, social and governance obligations, said another. "We need to be making sure that we, or those we are partnering with, deliver products into the home that are doing the right thing. That credentials are unique to each device. It could in fact become a posi- tive selling point." Brexit, was another concern raised. "When we embark on new trade relation- ships with other countries, does the security of those nations and their threats become ours?" asked one delegate. "Do they become the back door to the UK?" Certainly, international information- sharing was seen as a really interesting chal- lenge ahead, and whether the UK will be well placed to withstand threats from other countries with hostile intentions. Another, quieter, threat mentioned was the general apathy around cyber – and whether this was going to pose a real risk as more and more data is shared. There was also nervousness around sup- ply chain practices and behaviours. "Should we have something in procurement legisla- tion that forces us to do things to protect against this more?" asked one. "There are things that feel inherently risky, but procure- ment law currently stops us from doing any- thing about that." Suzanne Heneghan, editor, Utility Week "How you access an organisation in a crisis speaks volumes. Being overt and out there. Saying this is what's happened and we recognise it." "Threat modelling is the future if you are to really understand the cyber risks to your organisation." "Tomorrow's threats are going to be low- cost commodity hardware in the IoT space. Tens of thousands of them. They are going to be in every home and very accessible to the outside world." Brought to you in association with

• Cover