
Release of Cyber Resilience in Electricity


Release of Cyber Resilience in Electricity:
Playbook for Boards and Cybersecurity Officers

ENGIE Laborelec is very proud to share the World Economic Forum’s latest publication, to which our colleague Olivier Vandelaer contributed: “Cyber Resilience in Electricity: Playbook for Boards and Cybersecurity leaders”.

In 2020, the world is experiencing an unprecedented crisis that is causing chaos in the global economy, disrupting supply chains and transforming society. This new reality is reshaping the digital landscape while straining supply chain resiliency and cybersecurity operations as risk escalates. Ensuring effective cyber resilience across the ecosystem is imperative for business leaders in the electricity sector and requires a combined and aligned multi-disciplinary effort to achieve cohesive business and digital enablement.

This report, developed in conjunction with the Forum’s electricity industry community and Accenture, aims to address the particular needs of businesses operating in the electricity ecosystem. ENGIE Laborelec is delighted to be a part of this unique platform bringing together academics, public sector leaders, and senior business executives.

Read the full report in PDF

First steps to implement an ISMS


BRUSSELS | April 2, 2019: The objective of an Information Security Management System (ISMS) aligned to the internationally recognized standard ISO 27001:2013 is to protect the confidentiality, integrity, and availability of your company data/assets. This will bring more value to the company and more confidence from your customers.

Benefits of an Information Security Management System according to ISO 27001

Some companies may falsely believe that they don’t need a formal ISMS. They may have certain controls already in place or are deploying modern technology to protect themselves from cyber-attacks. However, the benefits of implementing an ISO 27001-compliant ISMS are far greater than many people perceive or realize.

  • It encompasses people, processes and IT systems by recognizing that information security is not just about antivirus software. It also depends on the effectiveness of organizational processes and the people who manage and follow them.
  • It helps you to coordinate all your security efforts (both electronic and physical) coherently, consistently and cost-effectively.
  • It provides you with a systemic approach to manage risks and enables you to make well-informed decisions on security investments.
  • It can be integrated with other management system standards (e.g. ISO 22301, ISO 9001, ISO 14001, etc.) ensuring an effective approach to corporate governance.
  • It creates better work practices that support business goals by asserting roles and processes which should be clearly attributed and adhered to.
  • It requires ongoing maintenance and continuous improvement. This ensures that policies and procedures are kept up-to-date, resulting in better protection of your sensitive information.
  • It gives you credibility among staff, clients and partner organizations and demonstrates due diligence.
  • It helps you to comply with corporate governance requirements.
  • It can be formally assessed and certified against ISO 27001, providing additional benefits: demonstrable credentials, customer assurance, and competitive advantage.

ISMS – Challenges of the implementation process

As you may already know, a high-level implementation process consists of defining the scope, analyzing the current status of the processes, conducting gap analyses, writing policies and procedures (or aligning the current ones) and, at the end, approving and integrating those into your company’s day-to-day activities. Sometimes this integration may take time, depending on the size of the company, on when it was established and, of course, on the corporate culture. And sometimes, the employees may not all be in favor of the process.

There are 6 recognized phases for managing cultural changes which almost every company goes through:

  • Denial Phase: “They aren’t really going to go through with it”
  • Anger Phase: “What a waste of time and money”
  • Bargaining Phase: “If they want me to do that, fine, but I won’t have time to do my other duties” or “if they make me do that I’ll resign”
  • Depression Phase: “This is really happening and there is nothing I can do about it”
  • Acceptance Phase: “Well this is how it is, but things aren’t so bad”
  • Moving on Phase: “Actually this new set up is better than the old one and I can make this work for me”

Even if it looks very straightforward at first glance, many companies make mistakes when trying to decrease their implementation costs by narrowing the scope of measures or neglecting some of the requirements of the standard.

Data protection in our own house: ISMS at your company

To achieve the challenging task of setting up an ISMS, you need to have initial meetings with many business process owners and managers. This is an important step in the implementation because you will get a deeper understanding of the processes and the different business-specific requirements and, last but not least, be able to define the interested parties. To organize these meetings, you need to send the meeting requests 2 weeks in advance, because people work on many different projects and some of them may be on business trips.

Senior Management Support is the key

It is impossible not to mention that one of the essential elements for implementing an ISMS is Senior Management support. Based on my experience, I can say that this support will boost the process. How? For example: if your company has no physical access controls on the main section doors inside the building, persons from outside could easily enter the building on some pretext, such as going to the HR department or having a delivery for someone. Once inside the building, they could walk around freely without any limitations. Once you install such a system, the situation will be much better: with physical access controls installed on each section door, visitors without an appropriate access card cannot open the doors and walk around freely. A little bit more secure, right?

So, without management support, how would you ever be able to implement such security controls? It just doesn’t work!

Partner with ENGIE Laborelec

ENGIE Laborelec has strong knowledge and field experience on how to assess and implement such processes, combined with vast experience with Industrial Control Systems (ICS). Our team will start to support your implementation project with training, awareness sessions, and workshops. On request, we will perform a comprehensive cybersecurity assessment, define and implement ISO 27001-compliant policies and procedures, and put in place a continuous improvement cycle supported by internal audits, management reviews, and ISMS metrics.

Do you want to know more about it and have a conversation with our experts?
Email us or use the contact form.


Cyber Resilience in the Electricity Ecosystem


Principles and Tools for Boards

ENGIE Laborelec proudly presents the results of a fruitful collaboration with the World Economic Forum on cyber resilience.

Cyber resilience is a challenge for all organisations, but, due to its vital role as a societal backbone, it is of particular importance for the electricity ecosystem.

The power grid is an increasingly popular target for cyber threat actors, including hacktivists aiming to cause civil unrest or state-sponsored groups performing espionage activities. Moreover, electricity organizations operate in an interconnected and interdependent environment where the consequences of a cyber attack on one can cascade to numerous others. Combatting this growing risk requires leaders to shift their thinking on cyber resilience in two fundamental ways:

1. Understand that cyber risk is a business and ecosystem-wide risk – not an IT risk – and integrate cyber risk management into all business decisions
2. Understand that managing cyber risk in such an interconnected environment requires that leaders think beyond the cyber resilience of their own “houses”, towards the cyber resilience of the broader “neighbourhood” of suppliers, customers, competitors, peers, and regulators among others.

This report, developed by the World Economic Forum in collaboration with electricity industry partners and Boston Consulting Group, offers principles to help board members meet the unique challenges of managing cyber risk in the electricity ecosystem.

Download pdf

A new partnership with Tata Consultancy Services


A new partnership with Tata Consultancy Services to develop new cybersecurity solutions

BRUSSELS | MUMBAI, November 12, 2018: ENGIE Laborelec is proud to announce a new partnership with Tata Consultancy Services (TCS), a leading global IT services, consulting, and business solutions organization. The partnership will focus on developing new products and services for the utilities sector to deliver protection against emerging cyber security threats. The collaboration between TCS and ENGIE Laborelec will bring together the expertise of two industry leaders in their respective domains to create unique value for the utilities sector. The partnership will also help prepare the industry for the European Union’s recently implemented National Infrastructure Security (NIS) Directive.

Download full press release