The National Energy Policy Council approved the creation of a working group - formed by representatives of public bodies and sector institutions, with the collaboration of experts from civil society - which will establish guidelines for the implementation of cybersecurity in the electricity sector. The WG will analyze the experiences of public entities and companies in the electricity sector and discuss aspects of prevention, treatment, incident response and systemic resilience.
The group will be coordinated by the MME and will have among its members representatives of the Institutional Security Office of the Presidency of the Republic (GSI), the National Electric System Operator, the National Electric Energy Agency, the Electric Energy Trading Chamber and EPE.
According to the Sales Manager at TI Safe, Claudio Hermeling, the energy market is the target of constant attacks and companies urgently need to make investments to ensure the safety of their assets. Invasions were already happening more frequently due to the digitalization of services, but they intensified during the pandemic last year, when institutions and companies adopted remote work. For example, distributors such as Light, Energisa and Copel, the Energy Research Company and Eletronuclear were victims. Therefore, the mobilization of the MME to create the WG.
Hermeling explains that the cases of attacks on Brazilian electricity companies, reported so far, were only in the IT areas, compromising corporate environments, that is, stopping some services and administrative activities. However, he estimates that if these attacks reached the operative networks, the consequences would be drastic. They could range from data theft, changes in systems and even compromise the essential services of generation, transmission and distribution of energy, causing financial losses for the concessionaires and other incalculable ones for the whole society, which would suffer from the lack of energy supply for long periods .
“The increase in the attack surface and the growth of digitalization are the factors that contribute to the fragility of the operating networks. In several digitization projects, equipment substitutions are not planned, that is, concomitantly, outdated or obsolete systems are operating in conjunction with digital ones. These legacy systems represent potential risks that need extra attention ”, details Hermeling.
According to the TI Safe Sales Manager, companies must observe the scenario of both attacks and new resolutions and establish strategies to increase investments in security, mitigate impacts and ensure the health of operating networks. The executive also points out that another very important point to be considered is the need for security training for all teams working in the operating networks, because, according to him, many are still unaware of the risks and methodologies that can reduce attacks.
TI Safe has highly qualified professionals, capable of assisting in all the processes necessary for the implementation and management of cybersecurity in critical environments. The challenge that companies will face to meet the new network procedure of ONS and ANEEL, TI Safe has an exclusive solution, developed internally, based on the norms and best practices of the market to organize, execute and operate cyber security in industrial systems and critical infrastructure. This solution meets all the implementation waves presented by ONS for the new network procedure. To know more visit.