12.03.2020

Siemens publishes Incident Response Playbook for Energy Infrastructure

Leo Simonovich, the Global Head of Industrial Cybersecurity at Siemens Energy, introduced a Playbook for Incident Response for Energy infrastructures. The paper examines an incident response scenario based on a simulated attack, which caused a blackout at the main electric utility, ACMEPower, in a fictional city called ACMECity.

While this particular exercise was held jointly by the cybersecurity group of the UK Energy Emergency Executive (E3CC) and the UK Department for Business, Energy and Industrial Strategy (BEIS), its lessons are broadly applicable for regulators, utilities, and operational technology (OT) or information technology (IT) security experts anywhere in the world.

In his paper, Leo Simonovich refers to an independent research study from the Ponemon Institute. According to the study, 54% of global utilities expect an OT attack in the next 12 months. Having said that, fewer than 50% rate their own readiness and response to cyberattacks as high, and 35% of them have no response plan in place.

Mr. Simonovich stresses the importance of a clear OT response framework that includes preparation for an attack, identifying a breach, containing damage, removing the threat, enacting recovery, and documenting lessons learned from the incident. A solid response plan should also build a culture of continuous improvement and constant vigilance.