Standard content for Members only

To continue reading this article, please login to your Utility Week account, Start 14 day trial or Become a member.

If your organisation already has a corporate membership and you haven’t activated it simply follow the register link below. Check here.

Become a member

Start 14 day trial

Login Register

Security still an afterthought for too many companies

Stuart Reed says that in a landscape of transformation, utilities must make sure that cyber-security is first and foremost.

Ofgem’s recent Annual State of the ­Market report revealed that the average dual fuel energy bill for a typical consumer with large suppliers was up 4 per cent in 2018. These rising costs, combined with initiatives by the government to encourage the use of smart meters to monitor power, have resulted in changing customer consumption habits.

Energy providers have responded with a move to more digital services while also undergoing digital disruption themselves. This is reflected in our own research, which revealed that 64 per cent of chief information security officers (CISOs) at utility companies highlighted customer service as a key driver for investing in digital transformation.

A byproduct of digitalisation in the utilities industry is a growing surface of attack. Whether it’s cloud migration projects, more smart meters or other elements of digital transformation, CISOs are facing an increasingly difficult challenge in ensuring they have broad and thorough protection against attacks.

Just last year, GCHQ warned that, if compromised, smart meters could enable suitably determined hackers to steal personal information and even access other connected devices around the home.

When you consider that organisations in the utility sector are responsible for some of the most critical public services, from energy to providing clean water, the significance of an attack grows. Indeed there were a string of attacks against utility firms in the US back in September, and the city of Johannesburg was hit by two ransomware attacks, one that left citizens without access to power. The government’s National Cyber Security Centre has warned that an attack on UK critical national infrastructure is a matter of when, not if.

With huge potential for a hacker to inflict significant damage, not just on the firms but also on the general public, utility companies cannot afford to have blind spots and underestimate the vulnerabilities and risks that might be around the corner. It is therefore unsurprising that 83 per cent of respondents in our survey suggested that cyber-security was a growing priority within their business, listing potentially exploitable connected devices and the sophistication of cyber-­criminals among their top concerns when it came to adopting new technologies as part of their broader digital transformation strategies.

Despite this, only a third (34 per cent) of organisations admitted considering cyber-security during the development stage of their transformation. Instead, more reported leaving it to either the pre-implementation (28 per cent), implementation (27 per cent), or even the post-implementation phase (9 per cent). This demonstrates a potential issue around securing critical national infrastructure with security seeming to be an afterthought.

Digital transformation initiatives need to be built with security at their heart in order to instil trust across both the organisation and the citizens it serves. This includes getting the basics right and ensuring that the whole company is involved in becoming more cyber savvy. It is also important for critical industries to have a layered approach to cyber-security, all the way down to a network level, to ensure any malicious activity can be identified and eliminated quickly.

Taking early steps to minimise the risk of exploitation will help maintain consumer trust and ensure a successful – and profitable – digital transformation. Failing to do this could result in a situation where digital transformation projects are, in fact, only painting over the cracks.