If vital infrastructure, such as power grids, were to fail, this could result in serious, widespread disruption in society. Alliander’s activities fall within the scope of the Dutch Network and Information Security Act and we do everything possible to prevent this. Cybersecurity includes all measures (on the fronts of technology, people, and the organisation) to prevent, detect, and limit losses and damage caused by cybercrime. We use professional, modern security systems for example. We continuously monitor and analyse cyberthreats: what do they mean for Alliander? They determine how we may be affected by a cyberattack, and the action we need to take. We have modern defences, which means that, besides setting up firewalls to avoid being hacked, we are also able to detect hackers who have penetrated our office and process infrastructure and take appropriate action. In addition to this, in recent years we have paid attention to ensuring our office automation is sufficiently separate from our process automation.
COVID-19 and cybersecurity
The cybersecurity risk level increased during the COVID-19 crisis. There were more incidents worldwide. Working from home also meant that our IT network was much more exposed than before. Furthermore, we were unable to monitor the security situation in people’s homes. So cybersecurity is one of the elements addressed by our crisis response to COVID-19.
Governance changes to meet new security challenges
In addition to working from home, other factors such as the increased use of employee data, more extensive deployment of contractors and intensification in the distribution of energy data led to a stronger focus on cybersecurity in 2020. In order to gain an even better understanding of the security risks at Alliander, we felt it important to adjust governance in line with privacy and security this year. The actions we took to achieve this included expanding the responsibilities of the Chief Information Security Officer (CISO). The CISO reports directly to the Management Board.
We have had the security processes certified by an independent external body. Kenter was already ISO 27001 certified and this certification was renewed in 2020. Liander was awarded the ISO 27001 certificate for the vital infrastructure this year. Firan, ENTRNCE and Stam&Co achieved Security Verified certification.