It’s almost unthinkable today that a company – especially a critical infrastructure company – would not monitor their IT systems from a cyber security perspective. Yet that’s precisely the situation many utilities find themselves in when it comes to operational technology (OT) systems.
A large part of this is that the cyber security sector has barely begun to provide dedicated, built-for-purpose cyber security solutions, standards and procurement requirements for OT assets. For most utilities, the desire is there but the pieces aren’t yet in place to implement best-practice OT security monitoring – understandable given that OT assets only began to be connected relatively recently.
So there’s a gap between OT assets becoming connected to the smart grid and the security solutions being implemented to match. The gap needs to close if we’re to keep Europe’s energy grids resilient and secure.
That’s why ENCS, along with members Alliander, Enexis, Stedin, E.ON, EVN and EDP, are conducting a joint project in OT cyber security monitoring.
The project’s scope includes the definition of requirements for OT security solutions, the evaluation of available solutions on the market, the definition of organisational guidelines as well as the development of an incident response training programme.
Most recently in April, security officers from the project participants met for a workshop at ENCS’ headquarters in The Hague to exchange ideas and experiences of monitoring for OT cyber security. Next, ENCS will use this insight to create a test environment for members to lab-test potential OT solutions before implementation.
At the same time, ENCS is canvassing input from the vendor community to assess the solutions on the market and any potential gaps. At the moment, OT security generally entails IT security systems modified to fit, but that’s beginning to shift as purpose-built solutions enter the market.
The project is a perfect example of the ENCS model in action. The world of cyber security moves fast – often far too fast for individual companies to keep up with everything on their own. Instead, our network is an active and collaborative place where members can exchange knowledge and expertise, and achieve far more by working together.
At the end of the OT security monitoring project, all ENCS members will benefit from a set of standards for system procurement, guidance on the solutions on the market and guidelines on ongoing monitoring and incident response. Ultimately, this will mean better protection for utilities and their customers.