Energy cybersecurity is something that the sector is rightly worried about – attacks aren’t just happening in the movies. We explain why energy firms need Cyber Essentials

Many energy businesses, especially those involved in storage, distribution and production are a part of critical national infrastructure. If you are one of these businesses, you should consider yourself to be a prime target for cyber criminals – both from cyberwarfare from rogue countries and terrorists, and from opportunists who prefer to focus attention on organisations where the impact of their actions is greatest.

Energy firm cybersecurity and the need for Cyber Essentials

There has been a notable increase in attacks on energy infrastructure and control systems in recent years with examples including Npower in Europe, the Texas Power Grid and most notably, in May 2021, Colonial Pipeline which suffered a crippling ransomware attack.

In their 2020 Cyber Readiness Report insurer Hiscox also noted that UK energy suppliers are greatly at risk from cyber attacks, with many experiencing one or more cyber-related incidents in the past two years.

Energy cybersecurity – What is Cyber Essentials?

Cyber Essentials is a UK Government-backed scheme which allows firms to certify themselves against a set of ‘best practice’ technical cyber security controls that are estimated to reduce the risk of a breach by up to 80%.

The assessment covers five key areas of security:

  1. Firewalls and Internet gateways
  2. Secure configuration
  3. Access control
  4. Malware protection
  5. Patch management

This can be carried out as a self-assessment, but we would advise that anyone appointed to do this has a good technical understanding and knowledge of the scheme. Alternatively, an official Cyber Essentials certification body such as Pro Drive can help you.

How does Cyber Essentials help?

Cyber Essentials allows your Energy firm to show you have put in place the recommended UK Government controls to reduce the risk of cyber attack against your organisation. For a sector at such high risk of cyber attack, these controls should be the minimum level you operate at – in fact we recommend going much further for your operational networks.

As well as protecting your business, having a Cyber Essentials certificate allows you to demonstrate to regulatory authorities, investors, auditors and clients that you have implemented appropriate cyber security without having to undergo costly audits or completing time-consuming due diligence questionnaires.

On completing the standard Cyber Essentials, an audited Cyber Essentials Plus assessment can be carried out to give you peace of mind that the improvements you have made stand up to technical testing.

How do I get started?

The scheme is designed to be pretty straightforward, at least in the initial stages. The time it will take to become certified will depend on the size and scale of your business and, of course, the knowledge you have around cyber security.

It can be really beneficial to enlist the help of someone who has the expertise and experience to take you through Cyber Essentials. Pro Drive offers several packages to guide you through the process and help you pass the assessment.

If you would like to find out more about this vital component in energy cybersecurity, please refer to the Cyber Essentials website.

If you feel you might need some support in getting Cyber Essentials certified or an initial opinion on how much work there is to do, call 0330 124 3599 to speak to us or use the form below.