Cybersecurity

A U.S. power company employed regularly-recurring audits of various controls, systems and programs. However, when it came to a SCADA-based cyber security vulnerability assessment, the in-house audit team did not possess the specific combination of process control experience and cyber security risks. They realized they required a third-party expert with a unique combination of knowledge of the two worlds.

Electric energy operators around the world are working to increase the reliability and cyber resiliency of their systems. This includes Enel, a global power company that manages and monitors the Italian power grid. This grid:• Serves 31 million customers• Has a net installed energy capacity exceeding 31 gigawatts• Includes more than 500 power generation plants,including hydroelectric, thermoelectric, and wind• Is managed and monitored by Enel 24/7/365• Is operated by Terna, the Italian Transmission System Operator (TSO)Enel is responsible for the availability of the grid’s underlying ICS and industrial network. It also manages Regional Control Centers and Interconnection Centers which connect with the TSO. The TSO manages the flow of energy to the grid plus controls and remotely regulates the power generation of power plants, increasing and decreasing power production as required. The complex system of interaction and cooperation between Enel and the TSO has strong security implications as well as operational and business challenges.

GenoSpace, headquartered in Cambridge, Massachusetts, is a fastgrowing company that offers cloud-based software services designed to be HIPAA-compliant and applied across research, clinical development, pathology, and clinical care. The company’s offerings include data integration, modeling, analysis, interpretation, visualization, and collaboration capabilities for genomic and other biomedical data. Since maintaining the confidentiality of human genetic data is of paramount importance to GenoSpace, the company has made security a top priority. In an environment where breaches involving healthcare data have reached alarming levels, GenoSpace understands the costly business impact of noncompliance with HIPAA patient privacy regulations and industry-leading data security practices. For example, the Identity Theft Resource Center’s 2014 annual list of security breaches points out that the medical/healthcare sector accounted for more than 42.5% of all the breaches listed, topping all other categories. Since reporting requirements began, the US Department of Health and Human Services has tracked 944 incidents involving approximately 30 million individuals. Along with the persistence and enormity of this problem comes financial fallout. For example, in its study, 2014 Cost of Data Breach Study: Global Analysis, the Ponemon Institute estimated that the average cost of a data breach in 2014 was $3.5 million, an increase of 15% over 2013. Additionally, the average cost per record across all sectors also increased, from $188 to $201—and the per capita cost for healthcare was the highest across all industries at $316 per patient. And the typical fine for a data breach runs up to $1.5 million per incident. The cost of breaches to the healthcare sector overall is estimated at $5.6 billion annually.