“Choosing a modern, unified security software platform makes it much easier, as it is designed to record and retrieve the data you need, as well as to securely share files and reports online.”
other departments or external partners. Your SOPs can be auto- mated to streamline operations and reflect the real dynamics of your business. The system can also be set up to recognize anoma- lies and set alarms or triggers based on these differences so that potential threats are identified earlier.
STREAMLINE AND MODERNIZE
COMPLIANCE PRACTICES
As the industry becomes increasingly regulated to help protect our critical infrastructure, security teams need to modernize their compliance practices with a security solution that helps them meet regulations and avoid strict penalties and fines if found out of compliance.
It is not enough to have established requirements and respons- es if these just gather dust on the shelf. Utilities must be able to demonstrate that events have been managed according to their security plan, and that they are in compliance with NERC, TSA or other regulations. At this point, the ability to generate com- prehensive reports as well as incident management audits is key.
Whatever regulations or guidelines your organization follows, proving compliance and responding to audit requests is time- consuming. Choosing a modern, unified security software plat- form makes it much easier, as it is designed to record and retrieve the data you need, as well as to securely share files and reports online. The centralized database makes reporting much less time- consuming and eases the burden of compliance.
Organizations can also anticipate potential threats or chal- lenges and use digitized SOPs to guide personnel in response to these events. In the event of an emergency or urgent situation, having a clear and consistent playbook to follow can help main- tain consistency and order. It also ensures all teams, regardless of shift or location, fully understand the actions they must take to maintain compliance with all regulatory authorities.
NOW IS THE TIME TO PLAN FOR A
FUTURE TRANSITION TO HYBRID SYSTEMS
Selecting a hybrid solution may not be a current top priority or option for your organization. However, as your needs and ob- jectives change over time, you may want to investigate a hybrid system. When moving from a legacy system, it is a good idea to invest in technology that not only meets your current needs but can be flexible and grow with you.
Cloud computing allows organizations to scale data manage- ment and storage, improve operational efficiency, enable remote monitoring of facilities and systems, and can result in lower infra- structure costs. According to a 2020 analysis by Accenture, adopting cloud technologies typically reduces IT spending by 25 to 30% and the more cloud technologies are embraced, the greater the benefits.
Yet there remains some hesitancy to make the switch. It isn’t just anxiety around change or worries about the possibility of downtime during the transition; it also includes fears about the security of cloud-based software and data storage.
A multi-layered approach to harden your security system against threats is best, including strong encryption, authentica-
tion and authorization protocols. One of the advantages of a hybrid system is that the burden of keeping up with software patches and updates rests with your software and server partners, so your IT resources can focus their time on other priorities.
Tier-one cloud service providers invest significant amounts of time and resources in ensuring the highest levels of cybersecurity. These major platform owners have teams and consultants dedi- cated to monitoring the latest cyber threats and initiating regular third-party penetration testing and auditing. They also actively uphold various cybersecurity compliance standards and certifica- tions and push the boundaries of cyber resilience to help establish globally adopted best practices.
With hybrid or cloud software solutions, you always have ac- cess to the latest built-in cybersecurity features, including granu- lar privacy controls, strong user authentication, and various sys- tem health monitoring tools. And as soon as the latest versions and fixes are available, they can be pushed immediately to your system. This helps your physical security systems remain protect- ed against vulnerabilities.
THE IMPORTANCE OF
GOOD CYBER HYGIENE ROUTINES
The Achilles heel of any system is human error. Humans can be forgetful and unreliable — and hackers are happy to take advan- tage. According to a 2021 Verizon report on data breaches, 85% of breaches were due to human vulnerability - through phishing, social engineering, misrepresentation, or error. More than 60% of breaches involved credential data.
Protecting your critical infrastructure from these types of threats is crucial. You need a system that can converge your physi- cal and cybersecurity plans to protect sensitive information and reduce your exposure.
Whether you use a cloud-based system, an on-premises sys- tem, or a hybrid of both, maintaining good cyber hygiene needs to be part of your organizational culture. From training and on- boarding employees to the development of your SOPs, cyberse- curity isn’t something you can set and forget; it requires constant vigilance and regular updates, patches, and password changes.
Thankfully, modern security software can be configured to in- clude automated notifications and settings that remind or require staff to follow best practices or alert the appropriate team if sus- picious activity is detected.
INDUSTRY TRANSFORMATION CONTINUES
Shifting consumer preferences, emerging cybersecurity threats, and evolving regulations have transformed our industry.
The continued rise in demand for renewable energy is also driv- ing mergers and acquisitions between oil, gas, and power utilities. And as these companies converge, so do their security departments. A unified security system can help ensure a centralized, compliant, scalable security strategy. Likewise, shifting to hybrid solutions can strengthen both physical security and cyber resilience.
It doesn’t have to be an all-or-nothing choice. Choosing an open-architecture software solution allows you to position your organization to be hybrid-ready when you are
ready. You can take your time to strengthen
internal awareness and adoption of cybersecu- rity best practices and make the transition one step at a time.
Greg Kemper is the regional director of enterprise sales for the Central U.S. region, for Genetec.
50
JULY/AUGUST 2022 | SECURITY TODAY
CRITICAL INFRASTRUCTURE