The NIS2 directive requires owners and operators of electric and multi-utilities to include their OT networks in risk management procedures and risk analysis. The target is to determine the risk exposure of their critical processes and define appropriate mitigation measures. And this is for good reason, as the results of our vulnerability assessments at IOUs, municipal as well as public utilities highlight.
Energy companies are under pressure from all sides when it comes to the cyber security of their critical infrastructure. The spiraling skills gap is set against an increasingly dynamic risk landscape and more far-reaching legislation. Nevertheless, companies must quickly find ways to set up their own operational technology (OT) security expertise.
