Security, Governance and IAM Are Strategically Important for E&U Companies

1. Security: Protecting Critical Infrastructure

Across the US, utilities and utilities remain vulnerable to cyberattacks, with the rate of attacks expected to rise to 70% by 2024. they are using outdated software,” writes Douglas McKee, director. Director of threat research for SonicWall, at Reuters.

That’s why it’s important for IT leaders to invest in protecting their valuable resources. Organizations can follow basic cybersecurity guidelines issued by the US Department of Energy, Office of Cybersecurity, Energy Security and Emergency Response (CESER) by February 2024.

Basic information includes inventory, ensuring IT and operational technology security, mitigating known vulnerabilities, providing third-party verification of cybersecurity controls, reporting of supply chain incidents , to strengthen network and vendor security requirements, and to change default passwords. The hope is that these guidelines will strengthen future security and help agencies detect any potential national threat actors lurking in key US facilities.

In addition, the North American Electric Reliability Corp. Critical Infrastructure Protection requires companies to follow established security management systems, electronic security perimeters, system security systems, incident reporting procedures, vulnerability assessments and others.

2. Governance: Providing Data Integrity and Compliance

Once your security measures are in place, effective data management is the next step. Without data management, energy and utility companies cannot trust if the data they use is of high quality and reliable.

“Ultimately, the goal of governance is to know where data comes from, what it is, who can access it and when it should be released,” says IBM.

“A strong data governance framework helps implement business-ready data by helping to increase transparency, trust, and understanding of data and how to use it (aka reading and writing), speeding up time to insight, while allowing sensitive information to remain hidden unless appropriate,” according to an IBM whitepaper.

To achieve quality data, a person or group should be tasked with owning it, including how it is collected, verified, stored, shared and disposed of, in standardized ways across the organization.

With quality data, E&U companies can greatly simplify their data analysis, compliance and reporting processes, says Stewart Bond, IDC’s vice president of data integration and software services. smart, soon. BizTech the brute

You are serious: Data management provides a quick way to reduce issues related to AI.

3. IAM Controls: Improving Operational Performance and Accountability

The third part is to implement identity and access controls so that only authorized people have access to sensitive data. IAM also provides a clear sense of responsibility for people with special access who regularly monitor unusual activity and flag potential threats, writes Sharon Chand, principal at Deloitte Risk & Financial Advisory and a leader in cyber security solutions for corporate cyber Risk. Service custom.

Once IAM is in place, organizations can begin moving toward a zero-trust model, which can close any gaps in IT and OT security systems, according to the National Institute on Law and Technology.

CHECK: How E&U companies can improve their IT today.

According to the National Institute of Information Security NIST, there are several ways to incorporate IAM into critical processes, including:

• User authentication and authorization services based on identity and assigned roles
• Device authentication and authorization services to verify and control access to connected devices
• Identity and access control tools that translate human-readable access requests into machine-readable permissions
• Industrial control system components, such as terminal units, programmable logic controllers and relays
• Physical access control tools that integrate standard communication links
• Communication tools that improve OT security by adding capabilities for authentication, authorization, access control, logging and logging.

“Before, there was a lot of focus on making it very difficult to break into the company. That protected the soft core of the organization. Now, that area is gone because the company is connected to its client. of the cloud, the grid system and other ecosystem partners to follow the steps of the company. We need to increase the cyber control to the end where trust has a strong role to play, “says Chand.