Four experts in computer security from four major companies in the energy sector participated in the debate “Challenges and solutions for the energy industry”, moderated by Iulian Harpa, Managing Partner, energynomics.ro, alongside the first day of the conference “The New Global Challenges in Cyber Security”.

Given that information technologies are increasingly converging with process technologies, considerable effort is needed to stimulate understanding of the risks that cyber threats pose to large organizations. Risks are all the more far-reaching as we talk about energy companies – electricity generation and distribution, refining, etc. – where any incident may result not only in large financial losses, but also in a considerable environmental, systemic (across the economy ) and social impact.

Alexandru Suditu, on behalf of Enevo Group, highlighted the fact that such organizations have numerous leading experts that are very good in their operational activity, but they need to learn some things on cybersecurity. “Security is a mindset, not a magic wand,” said Alexandru Suditu, emphasizing the idea that cyber security issues cannot be left under the reasonability of a single dedicated person or tea, and they cannot be solved simply by allocating some generous budgets for the acquisition of appropriate technical solutions.

It is necessary to align the whole team, starting with the top managers, Victor Ciuruş, Group Information Security Lead, KMG Rompetrol also stressed. The personal example from the top managers and their support are essential in shaping the behaviors of each member of the team, because, ultimately, people remain the main gate of access for cyber threats. In turn, Yugo Neumorni, IT Director at Hidroelectrica, emphasized that the effort for communication and education on the cyber threats should target the entire population, as it only by this that the channels by which the systems of protection for critical infrastructure can be penetrated (e.g. e-mail, social media, USB stick) can be better protected.

In Romania, there are still many situations in which either the technologies used are analogous, or the monitoring systems are separated by the control systems, which reduces the risk that the latter may be taken over by a remote cyber-aggressor. The trend is that everything is connected to the Internet, in the cloud, and that everything to be remotely and automated controlled. In this perspective, investment must grow not only in equipment and software, but also in people being skilled in monitoring, identifying the risks from the slightest changes in the behavior of IT systems, and taking the appropriate action in the shortest possible time.

Hidroelectrica representative also spoke about the need for a national level institutional format for easing the cooperation in prevention, and for fastening the reaction in case of cyber-incidents.

In his speech, Gabriel Sofian, from CERT ENEL, presented the global system used by the Enel Group in order to prevent and detect computer incidents and to respond and restore systems after a cyber-attack. Threats, registered attacks, laws and regulations are the main drivers taken into account in the efforts of cyber security teams, said Gabriel Sofian.

The first day of the “New Global Challenges in Cyber Security” conference in Bucharest covered issues such as transposing the NIS Directive, supporting the cybersecurity industry: best practices, public-private partnerships, cybersecurity and data protection (the privacy challenge). Dozens of experts have provided multidisciplinary approaches for a better understanding of key policy developments and challenges at European and international level.