Organisations are still underestimating the risks created by insufficiently secured operational technology (OT).
One current example comes from Germany. According to a report by heise.de, external security testers consider it “likely” that a successful serious cyberattack against the publicly owned water company Berliner Wasserbetriebe could lead to a complete failure of the German capital’s waste water management.
The good news, at least for Germany, is that a combination of engineering standards and legal requirements often prevents many worst-case scenarios from happening. One such regulation requires that utility companies must be able to control their grids manually, if necessary. This is not the case in all European countries. If the legally required basic IT protections are in place, and two-factor authentication and other best practices are used, many potentially damaging incidents can be prevented or at least contained. Germany has a number of guidelines and standards that aim to minimise cybersecurity risks, including a law on basic IT security, ISO 27001, IEC62443 standards and a compendium published by the BSI, Germany’s equivalent to the UK’s National…
