This is a continuation of the 2015 presentation, zooming in on attack surface, attack anatomy and how each of the 6 risk strategies can play a role in keeping your business secure. If you're a grid operator that is... Presentation delivered at Global Energy & Utility Cyber Security Summit, Berlin on 27 September 2016.
3. digital strategy &
architecture
Topics
1. How a grid operator – or any company – is actually an IT company
2. Threat landscape
3. Vulnerabilities?
4. Recognizing and dealing with risk
5. Resilience is the word
2. Cyber terrorists
1. An attack must be politically-motivated in nature and lead to death or injury
2. An attack must cause fear and/or physical harm through cyber techniques
3. An attack must be against critical information infrastructures such as financial, energy, transportation and government
Source: Ahmad & Yunos (2012)
5. Takeaways
One can have a very sound risk policy mix that fits the risk appetite
Normally this should help reduce residual (cyber security) risk
And hence the risk vs reward rate
Internal expertise ideally matches external (but we are a grid operator, not a security specialist)
Isolation is an art form and so is redundancy
Resilience is obtained when residual risk is small enough