Energy regulator Ofgem has revealed a plan to run trials on the automated analysis of cyber risks as part of its efforts to reduce the risk of disruption to essential services.
It wants to test the latest system modelling tools on the cyber-physical systems of the service operators that it regulates. If the trial produces evidence that this can cost-effectively reduce risk it will encourage wider adoption across its sector.
The organisation has begun a procurement process for consultancy support in the trials, which it aims to complete by the end of June.
Ofgem pointed to the development of new tools and techniques to model complex systems from a cyber security perspective, saying they can capture more system security details than an individual can absorb, and that automated analysis will provide new insights.
This can help to improve the understanding of the most vulnerable attack points in a system and the best options for protecting them. In addition, the system information can be retained as the people within a team change over time.
Ofgem said the models could also support a constructive debate between essential services operators and the relevant regulators on system security and reducing cyber risks.
In 2018 the organisation took on new responsibilities under the Network and Information Systems Regulations to ensure that the operators in its sector are meeting their own obligations in areas such as cyber security.
In September of last year it published draft guidelines on cyber security, based on guidance from the National Cyber Security Centre, to support resilience planning,
Image from GOV.UK, Open Government Licence v3.0
