Recommendations for the Utility Industry
This is the second in a series of posts about the costs and needs for cyber security.
Critical to continuing an enterprise’s capability to continue to function is having the computer data and software applications in use throughout a business cycle. Internet access, computer equipment, and physical connections (like on the plant floor) are important – and money and time can fill lots of needs. Lack of people processes, data, and software applications will halt the enterprise – government, commercial, or civic – with very little getting accomplished.
Things to do today: If regulated, ask regulatory affairs for the latest guidance and rules from all of the regulators on data and network security. Ask insurers if loss prevention guidelines for your enterprise are available. Consult with outside advisors or technology consultants for obvious things that need doing.
The critical need is for management attention. Priorities, schedule, and budget resources will follow if appropriate management attention (from the Board/Governance down) is spent. Web sites, Internet access, work from home, disability accommodations, marketing partners, … the list of possible complications for data and business security is changing faster than fixes. A key to understanding is that NO ONE is really doing what is really needed.
In a crisis, the costs of doing business represented by computer-resources and Internet access are often disregarded as “that’s what insurance is for”. Experiences and involvement in recovery from crisis’ informs that insurance doesn’t even cover large chunks of costs when looking back. The portion of risk management represented by determining, negotiating, and paying for insurance (self or commercial) is beyond scope for this release while critical to survival in a crisis.
Frequently heard is “people will take care of things at need”. In a crisis without any of the business tools they are accustomed to people will be lost to get work done. Without the data and connections to customers, suppliers, partners, and regulators most work won’t get done. A simple test – how many people have taken the simple step of printing out their critical contact lists if the cell phones and computers connecting with a tap or click – are out? (A step urged on enterprises in Ukraine as missiles fall.) There are legal and regulatory contacts that MUST be informed and responded to in a crisis – who is responsible for knowing? Yes, people will perform magnificently – they need resources to get work done.
Each responsibility has to work together to survive a crisis. In the case of governmental, health care, or services’ enterprises getting thru a crisis is more than desirable – history gets to judge and second guess. For enterprises the stakeholders are far and wide – and responsibilities begin before the crisis.
Our next post on this topic concerns changing priorities for Cyber Security Risk Management. Look for it at www.ekalore.com/blog-1
Commentaires