Siemens has published a new incident response (IR)“playbook” that guides utilities on how to respond to a cyber attack.
The paper examines an incident response scenario, using specific examples drawn from a recent interactive session held in the United Kingdom. The exercise simulated an attack, which caused a blackout at the main electric utility, ACMEPower, in a fictional city called ACMECity. While this particular exercise was held jointly by the cybersecurity group of the UK Energy Emergency Executive (E3CC) and the UK Department for Business, Energy and Industrial Strategy (BEIS), its lessons are broadly applicable for regulators, utilities, and operational technology (OT) or information technology (IT) security experts anywhere in the world.
Introducing the paper, Leo Simonovich, Global Head Industrial Cyber and Digital Security, Siemens Energy, Inc. said: “Today’s cybersecurity environment brings attacks to the utility sector with increased frequency and sophistication – and many are struggling to adapt to the new normal. We can no longer treat cybersecurity as though attacks are rare, one-off events. Instead, utilities need to plan for resilience against the backdrop of constant siege.
According to Siemens, the best way to approach this new threat environment is to develop an IR plan to better detect, contain and eliminate cyberattacks with minimal impact on operations.
“Tabletop exercises can help utilities evaluate their cybersecurity strengths and weaknesses, and generate insights that shape their IR detection and prevention strategies. They bring abstract concepts to life and enable participants to connect the what-if incident response steps with day-to-day jobs. Done well, exercises can help key personnel preview problems likely to arise from real-life challenges,” said Simonovich.