Utilities often take a compliance approach to security, viewing it as a “checkbox” to satisfy regulatory requirements. However, as the threat landscape evolves faster than regulations, protection, not compliance, must be the primary objective. In addition to the growing threat concern, security tools are not the end-all-be-all solution to mitigate security risks and may lead to a false sense of security.
Securing critical operational technology from cyberthreats must be proactively designed and embedded within real-time network architecture and reactively addressed through cyberattack isolation plans.
In this session, attendees will learn how one utility is taking a proactive approach to reduce the impacts (compromised processes, outages, NERC CIP noncompliance) of a cybersecurity incident by evaluating and implementing a combination of cybersecurity measures in the areas of architecture, hardware, software-based solutions, and processes.