The rollout of solutions associated with the advances made in information and communications technology (ICT) has allowed processes of companies to be optimised and new interrelationship channels to be opened with all stakeholders, bringing with it numerous advantages. At the same time, ICT has led to an increase in the level of exposure to cybersecurity threats for any industry.
The energy sector is undergoing a digital transformation process with the aim of streamlining current operations in order to improve efficiency and cut costs. These advances require that great efforts be made in the development of ITC and the use of increasingly complex and sophisticated communications networks, with the involvement of more internal and external players.
Cybercrimes have been on the upswing in recent years and, according to a number of reports, the energy sector is the target of one in every three cyber-attacks in the world. Data from the Industrial Cybersecurity Centre (CCI) show that in 2015 critical infrastructure experienced from 134 cybersecurity incidents.
In June, the control systems for the facilities of several European and American companies were the victims of one of the most sophisticated cyber-attacks seen to date. Spain was the country most affected by the action, home to 27% of the total of infected devices.
Many cybersecurity professionals are working to strengthen defence systems, but others are taking advantage of security breaches for their own lucrative or harmful purposes. Given this panorama, one of the aims to be accomplished in the short term is improvement of information exchange monitoring in order to speed up responses to attacks. Understanding the potential weaknesses to which the current energy remote control infrastructure is exposed is key to detecting and correcting such weak spots.
The current situation in the EU energy sector shows that there is still a long road ahead. Enagás continues to make important strides. We have a cybersecurity policy for effectively managing the security of information processed by the company’s computer systems. Our aim is to guarantee the confidentiality, integrity, availability and privacy of the information by maintaining a balance between levels of risk and the efficient use of resources.
Our team is working with the main public and private entities so that our information and telecommunications systems are given an adequate level of cybersecurity and resilience, and with the constant aim of rapidly improving them in order to cope with the changing conditions of the technological environment and new threats.
Our security management model is based on a process of review and continuous improvement, supported by international standards and the collaboration of the main professional cybersecurity service companies. In this way, our commitment to guaranteeing supply by covering all dimensions of safety and security (physical, environmental, cybersecurity, etc.) has come to form a part of the company’s DNA. Enagás is continuously evolving its services to meet the company’s needs while fully guaranteeing safety and security.
We are aware that there is no such thing as absolute security, which is why our work in this field is to guarantee as far as possible the normal continuity of service in the worst possible scenarios.