Energy
We all know that contemporary society relies on different forms of energy, whether that is:
Electricity
Generated by burning coal, gas or oil
Generated by nuclear power
Generated by renewable techniques such as solar, wind or water power
Oil & Gas
The organisations which generate, transmit and supply these forms of energy are critical to society. If you work for a provider you will know this very well: the ethical and legal requirement to provide energy to society is key to daily work.
What may not be at the forefront of your mind when the electricity or gas supply is cut off is that such a shutdown could be the result of a cyber attack.
The reasons for Critical National Infrastructure cyber attacks are many, but include:
State-based attacks
Corporate espionage
Disgruntled employees
Accidental/Unknowing actors
or a combination of any/all of the above
Why ARE energy systems vulnerable to cyber attacks?
Energy providers, like many industrial organisations, want to see efficiencies in their automation systems. For this reason, they are investing in newer supervisory and data analysis systems which connect existing Operational Technology (OT) networks with Information Technology (IT) networks and Industrial Internet of Things (IIoT) networks.
Unfortunately, this opens up the OT network to an increased threat of cyber attack. If disruption were to occur on OT systems, business continuity could slow to a complete halt, leading to a lack of supply to society and potential fines from regulators.
Cyber Security Regulation - Your responsibilities
Ask yourself
How are you managing cyber security risk?
How are you protecting against cyber attacks?
How are you detecting cyber security events?
How are you minimising the impact of those incidents?
There are regulations in place in many countries which attempt to ensure that Critical National Infrastructure providers are striving towards the highest levels of cyber security on both their IT and their OT systems. In the United Kingdom and throughout Europe we have the Network & Information Systems Directive on Security (“NIS Directive”) which was written into law across the European Union in 2018. In the United States of America, there are similar regulations in place which follow the NIST CSF.
We can help you
We have years of experience in cyber security, digital forensics, incident response and software engineering. We also understand the unique challenges and requirements of Operational Technologies (OT). We develop software solutions from the ground up with these OT-specific challenges and requirements in mind, and we know that we cannot simply re-purpose (or rebrand) existing IT tools.
Perhaps you would like to make the whole NIS Directive auditing process a lot simpler, and a bit more collaborative, avoiding complex Excel spreadsheets with dodgy versioning. Profile is built with the NCSC Cyber Assessment Framework (CAF) at its core. If this sounds of interest, then Profile is definitely for you.
Maybe you are looking for a more in-depth understanding of the OT assets and their vulnerabilities, but in a way that is automated but still safety and security critical. Dot currently has support for Modbus, Siemens S7, DNP3, EtherNet/IP and more. If this sounds of interest, then Dot is for you.
Or perhaps you are looking for something a bit more bespoke, or require some consultancy. If we can help, we will. If we can’t help, then we will work with our partners to deliver the services and systems that you require.
Contact us today to get a quote, or to just chat about possibilities - with a guarantee of no hard-sell.
hello@awencollective.com