Incident Reporting strengthens Security and Supply
With the growing complexity of professional and state-sponsored cyberattacks, the knowledge transfer between information protection officers in critical infrastructure companies has become paramount for supply security.
Several countries worldwide have developed legislation and standards to implement incident reporting to:
- identify and analyze supply security threats at an early stage,
- communicate threats to all vulnerable infrastructures and
- develop immediate countermeasures.
Few operators are currently in a position to do so. Their security systems provide neither full transparency of network operations nor detailed documentation of detected incidents.
Identify, Assess, Report
A sound strategy to protect security of supply must take changed risk mechanisms into account. This results in new challenges for information security officers that go beyond classic security concepts:
- Recognize near-incidents: Incidents that could potentially lead to an impact (e.g. in multi-stage attack scenarios)
- Detect incidents not related to security: Disruptions can also occur independently of security incidents.
- Assess significance: Near-incidents sometimes only need to be reported if they would have resulted in a significant hazard. The responsibility for sound assessment generally lies with the operator.
- Report detailed information: Many laws require details on the mechanism and (possible) effects of any incident.