BitSight

OT/IT Convergence: Why Vendor Risk Matters to Energy and Utilities

Ben Fagan | October 8, 2015

BitSight’s Third Annual BitSight Insights Industry Benchmark Report: Are Energy and Utilities at Risk of a Major Breach? discussed the growing convergence of operational technologies (OT) and information technology (IT). In short, this issue revolves around making operational technologies internet enabled. These technologies - which include generation, transmission, smart grid systems, meter reading and more - are increasingly being brought online to enable a smarter grid and systems.

Download the latest BitSight Insight Report The convergence of OT and IT makes a lot of sense: it allows these operational technologies to be more efficient. Nevertheless, this trend toward bringing operational technologies onto the internet presents major risks. SANS has highlighted this problem in a recent report noting, "building automation systems, rife with networked monitoring, control and reporting devices can be interrupted either by attacking the devices individually or disrupting the network itself, and automated pharmaceutical production can be halted by events as simple to implement as buffer overflow or denial of service attacks”. The consequences of disruption to the Energy or Utility sector could have serious consequences. Large insurer Lloyd’s has estimated that a cyber outage of the electric system could cause up to a trillion dollars of economic loss.

So what can the Utility and Energy companies do about this growing threat? Beyond implementing best security practices in-house, companies need to be hyper-aware of the risks posed by vendors. As evidenced in breaches affecting industries such as Retail and Finance, vulnerabilities within the networks of third party vendors can pose a major security threat to internal systems. As Utility and Energy companies begin to connect important systems to the internet, these companies need to be aware which vendors have access to their network and their sensitive data. Beyond thorough audits, penetration tests and questionnaires, this industry can implement continuous monitoring of all vendors in order to make sure that issues on outside networks are remediated - before they pose a threat to these increasingly connected systems that we rely upon every day.

What are central challenges for other industries?

Download the third annual industry benchmark report to learn what the key cybersecurity challenges are for the Finance, Federal Government, Healthcare, Retail, and Education sectors. 

Download the latest BitSight Insight Report "Beware the Botnets"

Suggested Posts

Meet Our Customer Success Team: Hayley Combs

Check out this Q&A with a Lisbon-based member of BitSight's Customer Success team to learn about her role as an EMEA Customer Success Manager, her experience, and more.

READ MORE »

Meet Our Customer Success Team: Jyotsana Shukla

Check out this Q&A with a Australia-based member of BitSight's Customer Success team to learn about her role as an Senior Customer Success Manager, her experience, and more.

READ MORE »

Meet Our Customer Success Team: Maggie Fitzgerald

Check out this Q&A with a US-based member of BitSight's Customer Success team to learn about her role as a Customer Success Manager, her experience, and more.

READ MORE »

Subscribe to get security news and updates in your inbox.