San Joaquin Valley Clean Energy Organization

View Original

Technology Tuesdays: Cyber Security VS Cyber Resilience and Energy

Hello Partners!

As more and more of our daily lives are connected to the internet, the risk of a cyber threat becomes greater and greater. I am confident we are all aware of this. We are aware of it when our IT departments warn and educate us about the dangers of clicking on links from unknown senders. We are also aware when we are forced to remember countless passwords that seem to rule our lives only to demand to be updated every 30, 60, or 90 days. However, with the seemingly never-ending safeguards and security protocols that we deal with on a daily basis, it seems that the most fundamental aspect of our security rarely gets the attention it deserves. I am referring to our energy security.

“…the nation’s security, economic prosperity, and the well-being our citizens depends on reliable energy infrastructure” (Energy.gov). We never know how much we depend on something most of us take for granted each day. In a highly interconnected world, our energy security is the most vital part. For this reason, I wanted to talk about not only cyber security, but also cyber resilience and energy. It is important to understand the difference between the two.

Cyber security refers to the mechanisms and software that are in place to protect systems and information from a cyber-threat. A cyber-threat can be any number of things including hacking, phishing, ransomware, or distributed denial-of-service (DDoS). These attacks can reap havoc on any organizational system. However, energy infrastructure is especially vulnerable because of the implications in the event it falls victim to a cyber-attack.

On the other hand, we must realize that it is impossible to form a defense or combination of defenses that are infallible to all cyber-threats. The reason for this is, we cannot predict every possible threat. For this reason, cyber resiliency is necessary. Cyber resiliency is the ability of an organization to withstand the threat, minimize the resulting damage of such a threat, and recover with as little interruption as possible. How is this done?

There are a lot of moving parts to cyber resiliency. However, those moving parts, as a whole, are referred to as the cyber incident response plan. Your cyber incident response plan may include items such as a protocol for what needs to be done in the event of an attack, a listing of the people who are responsible for executing those tasks, steps for communicating the incident to customers, how to recover data, and how to assess the damage. Every cyber incident response plan will be a little different depending on the needs of the organization.

Therefore, it is imperative that our energy infrastructure has both cyber security and cyber resiliency. There have been many advances in research, development, and deployment of tools to minimize the risks to our critical energy infrastructure. The driver of which is the U.S. Office of Cybersecurity, Energy Security, and Emergency Response. As we increase our interconnectedness, I am sure we will be hearing more about this research in the future.

The savings never stop!

Connect with us:
T (877) 748-0841
E INFO@SJVCLEANENERGY.ORG

Check out our website!
WWW.SJVCEO.ORG

Sources:
https://www.forbes.com/sites/bernardmarr/2020/10/14/the-important-difference-between-cybersecurity-and-cyber-resilience-and-why-you-need-both/?sh=4e65af4c1721

https://www.bitsight.com/blog/cyber-resilience-vs-cybersecurity-whats-difference-and-how-build-plan-both

https://www.energy.gov/ceser/cybersecurity