Smart Grid Cybersecurity 2020 Blog

Smart Grid Cybersecurity 2020 Blog

Keep up to date with the latest developments for the Smart Grid Cybersecurity 2020 virtual conference run by Smart Grid Forums.

Case Study: Elektrilevi

Have you fully implemented your end-to-end cybersecurity prevention, detection, and response strategy? Are you finally compliant with all regulatory guidelines and requirements as set out for national critical infrastructure operators? Do you have ongoing board support and investment firmly in place? Then why are you still experiencing cyberattacks on a level you’d expected to be beyond by now?

One of the biggest threats to utilities’ cybersecurity defences is still its own workforce! With the increasing complexity of the smart grid, the attack surface has not only increased externally but also internally. Utilities acknowledge that their defences are lagging behind the capability of attackers, leaving them vulnerable, and so defences must be fortified to achieve true end-to-end grid resilience.

Indrek Kunnapuu, CISO at Elektrilevi in Estonia, has been successful in implementing a company-wide awareness project to train and align all their staff. We are pleased to announce that Indrek will be joining us at the Smart Grid Cybersecurity 2020 virtual conference to share his insights and offer you advice to raise the level of cybersecurity awareness in your own organisation. We recently caught up with Indrek to hear more about his presentation in advance of the conference.

Indrek explained: “One of the current main projects for us is awareness training across the workforce. We tried training groups, but the security awareness content was not engaging the large audiences, and it was time-consuming on our behalf to reach everyone. We are now using a new approach for this, an ambassador-led programme with volunteers across the company, gathering those with more interest in cybersecurity and IT. We train them so they can then, in turn, train their teams and become the cybersecurity contact lead in their department, giving me points of contact and company-wide visibility.

We have at least one person from each of our 50 business units, thus ensuring my reach encompasses all members of the company. Using this method has proved very cost-effective and less time-intensive for the team and myself. In addition to this, we post monthly and weekly update articles internally to drive awareness on multiple levels. As well as managing down, I report up to the CIO and have regular meetings with the whole board to keep them up to date and ensure my requirements are met, personnel and budget-wise.

Alongside our new training programmes, we have recently implemented a new SOC which I’ll go into more detail about at the conference. It is working well but of course, is under continual improvement to eliminate the false positives and increase the validity of the monthly report.

I am looking forward to both hearing from other industry Cybersecurity professionals and sharing more on my projects at the conference.”