Utility professionals came together for the inaugural Secure Utilities event on 23 March in Melbourne where experts in data security discussed the steps that utilities should be making to ensure their organisations are protected against cyber attacks.
Due to the rapid digitisation of the utility industry, security is now more important than ever before, and Utility Magazine’s Secure Utilities was a practical discussion to help utilities learn the best ways to keep their data safe.
PwC’s Mark Coughlin gave the morning keynote which presented utilities with an overview of the issues they are facing and what the current landscape looks like, before speakers from the water, electricity, security and finance industries highlighted the key things that utilities should be doing in regards to their data security.
Jarrod Loidl from ANZ Bank explored the similarities between banks and utilities and outlined what utilities can learn from the finance industry to make their organisations more secure.
Jarrod put forward tips on how utilities can better address risks, including determining what are the most critical assets, having clearly defining budget and investment decisions, and identifying what the known gaps are in the current control landscape.
Jarrod also highlighted that while prevention is always better than the cure, utilities should start to focus on detection and incident response to build a more resilient environment, with measures such as red team penetration tests.
Scott Ceely used his years of security experience to explore how utilities should be thinking about their data security. Scott believes one of the key ways to keep building up security defences is for utilities to share their experiences with each other, so the industry can learn together.
He also discussed the ASD’s essential eight mitigation strategies across cyber attacks, and explored the cyber kill chain – a sequence that showed the stages of a cyber threat and when different types of attacks can occur.
United Energy’s Andrew Steer took delegates through United Energy & Multinet Gas smart grid initiatives and the processes that United Energy take to deal with security challenges to smart grids.
Professor Chris Leckie from the University Of Melbourne fascinated delegates with his presentation on new-generation Distributed Denial-of-Service (DDoS) Attacks and explored the attack on the Ukraine Power Grid, which was introduced via a phishing email to staff.
Information Security Recruiter and Founder Of Cybersec People, Ricki Burke, gave utilities great practical recruitment strategies they can implement to ensure the best cyber security people are employed at their organisations.
The water industry was represented by Zoran Savanovic from South East Water and Greg Ryan from the Water Services Association of Australia (WSAA) who both gave excellent presentations on how water utilities are affected by data security and how they can protect themselves against attacks.
Delegates were also offered strategies for how to best manage their data from experts outside of the utility industry, including Special Counsel from Herbert Smith Freehills, Kaman Tsoi, and Simon Smith, CEO of EVestigator.
Enex Carbon Principal Consultants Rachel Zainey and Richard Sengmany’s presentation supported what several other speakers mentioned, that it’s just as important to look at the people in an organisation and ensure staff are trained on security risks and measures as it is to look at technology.
The conference closed with a panel, mediated by Management Consultant Ken Brandt, that gave delegates a chance to further join in on the discussion, ask questions, and think about where their utilities can go from here to help strengthen their data security strategies.
Utility Magazine will continue the data and cyber security conversation across its channels to ensure the utility industry is up-to-date with the latest techniques and information.
Utility Magazine’s next event, Asset Management for Critical Infrastructure, will take place on August 16 and 17 in Sydney. Stay tuned for more information including the full program.