If you attended DistribuTECH 2019 and joined any of the “defending the grid” sessions, you saw that intense focus continues in all things cybersecurity. It seems everyone realizes cybersecurity has rapidly become one of the greatest operational risk to a utility. Due to the extreme technical nature of threats and preventative measures, if you are not a cybersecurity expert these can be very difficult to discuss, let alone understand.
If the extent of your cybersecurity questions have been answered by your cybersecurity staff with a statement similar to this: ‘`We have a defense in-depth approach to protecting the utility,’ I offer several thoughts on how to drive the conversation to get the details you need and ensure you have sufficient protection in place. After all, when a cyber incident occurs, it is you, the leaders of the utility, who will be questioned on what happened, how the breach could have possibly occurred, why it wasn’t prevented, and how you are responding and recovering. Don’t wait until it is too late to learn how to answer these questions.
The following are suggestions on how non-technical leaders can have a meaningful discussion…