Wednesday, June 1, 2011

Sony's Lessons for Electric Utilities

Have been thinking about the continued cyber bludgeoning Sony's been getting and how the utility sector would handle such a long-running, targeted attack. In terms of cybersecurity and privacy protection policies and technical controls, I can't say whether Sony was any better or any worse than its sector peers when all this started.

As far as motivation, certainly, individual utilities can easily incur the enmity of some of their customer base ... it's happened plenty of times before for a number of reasons, and it's happening again in some regions with Smart Meter deployments.

In CSO Online a couple of days ago, CSC's Mark Rasch offered this advice:
All companies have to make accurate risk assessments and carry out their responsibilities to protect personal information they store. "They have to realize they are fiduciaries of customer data and have a moral and legal obligation to protect that data. They need to do everything reasonable," he says. "The cost of repairing after the fact is 10 to 100 times higher than preventing it in the first place."
It's hard not to think that the Sony saga playing out before our eyes, on top of the daily drumbeat of security attacks and breaches at large enterprises, is spurring some utilities into action, updating their risk calculus and their controls. And very likely, many others don't see a connection, or a need to change their current defenses.

You can read the full article HERE.
