Oman to audit preparedness of power networks to cyber attack

Seeking to secure the nation’s critical power generation, transmission and distribution infrastructure from potential cyber-attacks, the Authority for Electricity Regulation Oman (AER) plans to conduct an audit of the IT networks and related systems of its licensees to ensure they comply with the most modern international cyber security standards.
The move comes as countries around the world ramp up their national capabilities in staving off potential cyber-attacks on their critical energy, transport, water, health and digital infrastructure.
“The Authority intends to audit the licensees’ implementation and compliance to the SCADA and DCS cyber security standard that was issued by the Authority in 2015. The audit would review aspects related to governance of the SCADA and DCS environment including management systems and implementation of technical controls. The audit would also review the existing standard and its validity to any new cyber security attacks to the energy industry,” the regulator recently stated in its Forward Work Programme of initiatives it plans to implement during the course of 2018.
As monitoring and control mechanisms, SCADA (Site Control And Data Acquisition) and DCS (Distributed Control Systems) are key components of any electricity and energy infrastructure, helping track and control equipment, and thereby ensuring that generation, transmission and distribution processes are smooth. But they are also vulnerable to cyber-attack if security protections are not suitably robust.
“The aim of the audit is to ensure that the licensees — generation, transmission and distribution companies — have the systems in place to protect their infrastructure from cyber-attack,” said an official.
“When the cyber security standard for SCADA and DCS was issued in 2015, it was based on best international practices prevalent at the time. All the licensees cooperated very well and in line with all the requirements. Now it’s time to assess compliance with that standard and also to assess whether there is any need for an update keeping in mind the rapidly changing (threat) environment (globally). The audit will also help us identify any shortcomings in the cyber-security framework that needs to be addressed,” the official added in a recent media briefing on the Authority’s initiatives for 2018.