MSSPs and load controllers targeted by cyber regulations
Managed security service providers and load controllers are expected to become subject to the most stringent cyber-security regulations along with utilities as the scope of the UK’s cyber legislation is expanded, an expert has said.
Load controllers are devices designed to ensure the electrical load on a generator remains constant. This is important for balancing the supply of electricity with demand, and utilities may intervene in real time to do this. Meanwhile, utilities may also find that any security services they outsource to managed security service providers (MSSPs) fall within the remit of the new NIS legislation.
Britain is currently reviewing its cyber-security legislation in response to developments in the EU, where a new, more comprehensive cyber-security directive, NIS 2, is being introduced.
There will be differences between the updated cyber laws in the UK and Europe, but in essence, more companies are to be regarded as essential services and subject to the most stringent cyber-security regulations – and penalties if something goes wrong. The Information Commissioner’s Office can issue penalties for contravention of NIS up to a maximum of £17 million in the most serious cases.
Victor Lough, cybersecurity and solution services business lead for process automation at Schneider Electric, said he expected service providers and load controllers to be subject to the revised legislation when it becomes law. “For utilities, the expectation is that load controllers and MSSPs within the sector will fall within the new regulatory framework.”
Lough is currently collaborating with the Department for Energy Security and Net Zero (DESNZ) Supply Chain Community of Practice Principles Group for energy. He said the group was working to establish a key set of principles to ensure consistency of security delivery across the supply chain.
Lough said it was essential that human factors were considered when it came to cyber security.
He added that the US Department of Defense was now investing billions in ensuring a zero-trust architecture for its IT systems. “You can do the same thing with operational technology,” he said.