For decades utility companies have been subject to the most advanced attacks by cyber criminals across the globe. Unfortunately, criminals aren’t just targeting the corporate data networks. In fact they are also heightening their attacks to target their industrial control systems. As a result, it’s imperative that these companies consider upgrading their utilities cyber security.
Results of these attacks on critical systems can have a drastic effect on national infrastructure. In 2015 a number of Ukraine power plants suffered a catastrophic cyber-attack. As a result, their industrial control systems were left dysfunctional. The affect was very substantial as around 250,000 people lost power to their homes.
A compromise of the corporate network could result in loss of key business data. Furthermore, this can serve as a method to attack control systems. If successful, this could lead to competitive, financial or reputation damage to the utilities operator.
Control System Security
Loss of process integrity or availability of control systems could lead to potential health and safety issues. This can also lead to manual working practices or unscheduled outages.
There has been an increase in legislation related to utilities operators. These can include the NIS directive, HSE and Industry specific legislation.
Loss of customer data deemed as personal data, would be a breach of the Data Protection Act 1998. Even stricter data protection laws are soon to be introduced. In May 2018 European countries will have to adhere to the General Data Protection Regulation (GDPR).