South Australia’s principal electricity distributor SA Power Networks is using process automation to make headway in the battle against cyber crime, as part of a broader push to strengthen its cyber defence team.
The company’s head of cyber security and IT resilience Nathan Morelli said automating common security processes meant the business had regained time that could be dedicated to higher value tasks.
He described one recent example of automating account resets.
“In the past that would have been a manual process that took one of our security analysts three-to-four hours, to see, verify, then change a password, and engage with the user,” Morelli said.
“With automation in place we have reduced that now to less than 60 seconds.”
The automation initiatives directly support SA Power Network’s decision of three years ago to commit to building its own cyber response capability, rather than buying it in from an external provider.
This decision supported a cyber security strategy that stretches out to 2030 and that is being delivered using 18-month roadmaps.
“We're trying to build as much in-house skills as we can, not only to build a sustainable capability as a team, but also to support a wider organisation and state-based need for cyber security resources,” Morelli said.
“We've insourced our security operations centre, and we've insourced a lot of our red team and our penetration testing as well.
“If we have a cyber security incident, we don't want to rely upon an external provider to tell us that it's a bad day. On a bad day, we want to have the right people on board with the right understanding of our capability and our organisation to then respond effectively.”
SA Power Networks would still call upon external providers where it had determined a gap in its capability.
Morelli said the company would spend the next 12-to-18 months examining where those gaps might lie, including in its corporate and operational environment.
“We've made a deliberate decision not to go out and purchase every shiny tool,” Morelli said.
“We want to optimise the tool sets that we've got. The more you test, the more you verify, the better confidence you have that you've got the right technology in place, and you've configured it properly too.”
Morelli said simple changes such this are one of the ways that SA Power Networks is demonstrating a return on investment from its spending on cyber technology, people, and processes, as part of a broader threat-based approach the electricity distributor was taking to cyber defence.
“We’ve got a really good understanding of our top 10 cyber security threats and where we're going to be attacked,” Morelli said.
“The higher-level initiatives are determined by what the business is trying to do. At the moment, we're doing a lot of investment in securing our external environments, because we know a lot of attacks will start externally, and we are aligning that to some of our business priorities around distributed energy and building that two-way network for the future energy revolution that's coming.”
Another key component of the strategy has been to secure identities within the operating environment, using multifactor authentication and zero trust-based initiatives aligned with its business strategies.
“We're pushing out controls to the end user as much as we can,” Morelli said.
