Justin Lowe, a digital trust and cyber security expert at PA Consulting, is quoted in an article in Utility Week on cyber security and operators of essential services’ compliance obligations.
Justin says: “Operators should make sure they understand which parts of their operation fall within the scope of the regulations, and which systems and assets directly or indirectly support these operations, including in their supply chain.
“Operators should then understand what security controls are in place for those critical systems and assets, what gaps there are against best practice, and what risk these present to the essential services they provide,” he continues.
Justin adds: “This will provide a good foundation for defining a regulation compliance programme, together with the associated costs that would need to be included within their regulatory price control business planning activities.”
The Network and Information Systems Regulations: boosting cyber security for digital and essential services