ME govts lag on cyber protection for utilities
Authorities called upon to implement policies to protect infrastructure
Governments in the Middle East need to develop coherent cyber security strategies, to protect energy companies and utilities, according to risk management specialist DNV KEMA Energy & Sustainability.
The company, part of DNV, a global provider of services for managing risk, says that the impact of a cyber attack against energy generation or infrastructure would have an impact at a global, and not just a national level, and that governments must do more to co-ordinate defences.
"As cyber security threats are not restricted to one single group but can come from different corners, it is time that we all open our eyes and take appropriate actions to protect our countries and guarantee a safe and sustainable energy provision," said Mohammed Atif, managing director of DNV KEMA.
"It is a positive development that the Gulf Cooperation Council has placed cyber defence as one of their priority areas for development. It is also positive that a number of member states have planned investments to protect their energy infrastructure. However, the composition and implementation of well-defined cyber protection plans are lagging behind compared with other regions. This is a situation to really worry about. A cyber attack on crucial energy supplies and transiting routes in this region would impact the entire world."
Atif warned that increased awareness of industrial control systems, known as SCADA, and the increased connectivity of energy generation and transmission systems with the internet, is making them more vulnerable to cyber attack, as seen in the attacks against Iran's nuclear energy facilities.
Governments in the region need to have more awareness of the threats, and to roll out cyber security strategies, which Atif says have been planned but not implemented. A report from DNV KEMA says that regional governments need to develop regulations similar to the US CISPA (Cyber Intelligence Sharing and Protection Act) of 2012, which sets forth the rights and obligations for both US Federal Governments and critical infrastructure owners and operators to protect energy systems.
"Sharing responsibility between governments and companies in vital sectors is a first, necessary step in securing safe and reliable cyber networks," Atif said. "As cyber security threats are not restricted to one single group, but can come from different corners e.g. governments, activists and hackers, criminal organisations, terrorist organisations and even from within, it is time that we all open our eyes and take appropriate actions to protect our countries and guarantee a safe and sustainable energy provision."