Scott Roe from Corporate Risk Solutions, a solution provider at the marcus
evans Generation Summit 2012, on protecting utilities from internal and external
attacks.
Interview with: Scott Roe, President, Corporate Risk Solutions
FOR IMMEDIATE RELEASE
“It is crucial for power utilities to be prepared for malicious attacks and
internal actions that could potentially bring down their organization,” says
Scott Roe, President, Corporate Risk Solutions. Organizations must consider how
the utility is being accessed and maximize security, he adds.
Representing a solution provider company at the marcus evans Generation Summit
2012 in San Antonio, Texas, February 7-8, Roe discusses the three primary
phases organizations must go through when responding to an attack on a utility.
Why must there be more focus on the protection of utilities?
The reliability of the electricity sector is paramount. Most of the nation’s
critical infrastructures, such as telecommunications, banking and finance, and
transportation, are dependent upon reliable power to operate. Every process and
operation in the energy industry requires dynamic information flow, which can put
systems at risk. This could be customers’ personal information or information
that the system relies on to manage electricity. Simply stated, utilities must
protect their customers’ information and the systems in place.
Managers should identify how the utility is being accessed both physically
and logically. Does the public have any access? How is the information being
stored? While typically a private network, does it use or allow public
interface? What is the remote-access capability of the system? There must be a
focus on the access points where information has the potential to be leaked and
how that is being protected from within.
What benefits does Business Continuity bring?
Security solutions and Business Continuity are risk management tools that can
assist the organization in defending against and responding to malicious
attacks. While utilities are used to handling impacts and risks related to
severe weather, outages, etc., they are not as adept at handling the recovery
processes surrounding malicious events, such as cyber attacks or internal
actions that could potentially bring down the organization.
What are the three primary phases for responding to an attack on a utility?
The first is incident response. This typically includes containing or
isolating the event to reduce total impact and to limit continual collateral
impact.
The second phase is disaster recovery. This involves returning to a state of
operations, through the use of redundant systems, spare parts and temporary
processes.
The third is business resumption, when operations return to a normal state.
Another key goal of this phase is to complete an After Action Review to identify
what occurred and what can be done in the future to prevent it from happening
again.
Any final comments?
Utilities have a reputation for engineering just about everything, yet with
Security, they often treat this as an “add-on”. To ensure effective regulatory
compliance and, more importantly, to enhance their risk management program,
Security and Business Continuity should be “engineered” into their processes.
They must consider how security can be maximized more efficiently, including
whether it can be built into the operations and structures themselves.
About the Generation Summit 2012
This unique forum will take place at The Westin La Cantera Resort, San
Antonio, Texas, February 7-8, 2012. Offering much more than any conference,
exhibition or trade show, this exclusive meeting will bring together esteemed
industry thought leaders and solution providers to a highly focused and
interactive networking event. The Summit includes presentations on meeting
future energy demands whilst advancing clean air objectives, revolutionizing the
energy mix and preparing for regulations which lie ahead.