Enel and Cyber Security: prevention and security

Published on Tuesday, 20 November 2018

“The risk management model we’ve adopted is based on a systemic, holistic vision that integrates the traditional IT sector with Operational Technology, which has stronger links to the industrial sector, and the Internet of Things comprising smart objects connected online”

– Carlo Bozzoli, Enel’s Head of Global Digital Solutions

The efforts of our team of analysts and the organisational model we have adopted have enabled us to block over two million risky emails, an average of about 300 attacks on our web portals, 1,300 viruses and 625,000 connections to risky websites every day. To this can be added the identification every year of over 600 Internet domains that use our brand illegally and an average of 13 hostile initiatives detected each month by the Cyber Intelligence system. Our CERT thus provides an increasingly secure flow of sensitive information and data for our Group, and also handles complex cyber-attacks launched from many parts of the world. It was possible to see a simulation of one such attack at the opening of the Global Control Room.

Assessing the risk and thinking cyber

Enel’s “Cyber Security Framework” policy directs and manages cyber security activities. These involve business areas, the transposition of regulations and legislation, the use of the best available technology, the implementation of bespoke organisational processes and the promotion of individual awareness.

Rassega described Enel’s Cyber Security strategy as “a risk-based and by-design approach” that places risk assessment at the basis of decisions and prioritises security aspects during the system and application design stages in order to increase the resilience of all our assets and their capability to respond to cyber-attacks.

“The Cyber Security strategic model is designed to meet the new requirements of the electricity industry, which is experiencing an unprecedented transformation of its production model. In the 1980s, when there was a small number of very large generating plants, a ‘perimetral’ protection model was enough to keep the ‘bad guys’ away from our servers and IT systems. The development of business processes in an energy production scenario that now consists of thousands of small, interconnected and distributed renewable plants, and the use of the Internet of Things with the generation of a huge quantity of data stored in the Cloud, means we have to adopt an integrated, collaborative and flexible model,” Rassega continued.  

Collaboration, strategy and critical vision encourage innovation and make it possible to transform problems into competitive solutions. The Cyber Security of the energy industry also depends on an all-round open vision, an approach that has become the hallmark of our Group.