Question

Cybersecurity Awareness Month Q&A Series: What's the key cybersecurity tool you think utility leaders aren't utilizing sufficiently?

Posted to Energy Central in the Digital Utility Group
Matt Chester's picture
Matt Chester 420,149
Energy Analyst, Chester Energy and Policy

Official Energy Central Community Manager of Generation and Energy Management Networks. Matt is an energy analyst in Orlando FL (by way of Washington DC) working as an independent energy...

  • Member since 2018
  • 11,687 items added with 1,766,417 views
  • Oct 18, 2022
  • 493 views

This month is Cybersecurity Awareness Month, as recognized by CISA, and because cybersecurity has become such a critical part of utility operations we wanted to pay homage with a series of Q&A's on the topic during the course of October for our resident experts to chime in on. Feel free to answer this and other questions you see come in, and also we invite you to submit your own question as well by clicking here

The rapid acceleration of technology designed to help bolster the cybersecurity of the grid and utility assets across it makes it sometimes challenging just to keep up to date on what each power provider should be investing in. So for the cybersecurity experts in the community, I'd love to see a discussion: what tools are out there for cybersecurity that you don't think are being utilized to the greatest degree possible? What solutions are being too commonly overlooked? Discuss in your answers below. 

 

Your access to Member Features is limited.

Energy Central
Energy Central is an online community for global power professionals searching for information, products and services related to the energy industry. Energy Central helps the Power Industry work better!
Go to Org's Profile page
RECENT POSTS FROM THIS COMPANY

Answers

Richard Brooks's picture
Richard Brooks
Richard Brooks's picture
Richard Brooks
Co-Founder and Lead Software Engineer
Reliable Energy Analytics (REA)
215,301

Member since 2018
Co-Founder and Lead Software Engineer, Reliable Energy Analytics (REA)
October 19 2022

I'm a bit biased in this response, but I think it's still worth stating.

All successful cyber-attacks apply software in some form or fashion to carry out their nefarious acts. It doesn't matter if it's a VBA macro in a Phishing email attachment or an app you download from an app store and install it in your smart phone - it's all software. Which enables me to posit confidently "Software is the root of all evil in successful cyber attacks".

So, if you want to prevent from becoming a victim of a successful cyber-attack you must start by closely examining the risk in any software artifact, i.e. app in an app store and other sources of software, before purchasing and installing. Visibility into software risk is possible using existing tools and methods, preventing risky software from being installed, ruining your day and your data. Look for Cyber Supply Chain Risk Management solutions that follow NIST C-SCRM best practices described in NIST SP 800-161 and other NIST Guidance, described in OMB Memo M-22-18.

If you believe, as I do, that software is the root of all evil in a successful cyber-attack then consider implementing tools that will help you detect risky software before any attempt to purchase or install software

About

Energy Central was founded in 1996 to satisfy the global power industry's need for a reliable, trusted information hub where executives and field representatives alike could share ideas and discuss concepts that could alter the future of global power industry. 

Energy Central is an online community for global power professionals interested in:

  • News
  • Discussions
  • Jobs
  • Education, Conferences and Webinars
  • Conferences
  • Reference Materials
  • Marketing Services
  • Research
  • Working Groups
  • Industry Experts
  • Industry Collaboration
  • Projects

By teaming with companies that service the energy industry, Energy Central provides a broad base of informational products all focused on a single industry and all accessible from a single gateway on the Internet.

At EnergyCentral.com, you’ll find content for power professionals in all aspects of the industry:

  • Generation
  • Transmission & Distribution
  • End-Use Management
  • Utility Business
  • Energy Storage
  • Regulatory
Related Content
An opportunity to get involved with fixing VEX
Best Practices for Cloud Security in 2023
2 Casino Ransomware Attacks: Caesars Paid, MGM Did Not
KEV Catalog Reaches 1000, What Does That Mean and What Have We Learned  | CISA
Recent Comments
hengky wijaya
hengky commented on ...
Greenland Ice Melt: ‘Scientists Say They’ve Never Seen Anything Like This Before’
this is interesting topic you know, 
Matt Chester
Matt commented on ...
The KJ Show #59 - Catch and Release!
Carbon capture needs improvement, but I wouldn't go so far as to blanket that industry with the greenwashing label.
Matt Chester
Matt commented on ...
Ocean Current Shutdown Could Be Catastrophic
These are the types of changes the lay person might not understand or appreciate, but the totality of the impact can indeed be horrifying.
Matt Chester
Matt commented on ...
'Green infrastructure' pulls big VC dollars into climate tech
The VC behind green tech shows once again that this isn't purely a play for the environment, but that there is real profit to be had in moving in...
Energy Central Jobs
Featured Jobs
More Jobs