The National Electric System Operator (ONS) published last Thursday, the 1st of July, the “Operational Routine RO-CB.BR.01 – Minimum Cyber Security Controls for the Cyber Regulated Environment“. The document, which establishes the cyber security controls to be implemented in the agents’ operation centers and in the infrastructure equipment, will be effective from July 9, 2021. After that date, the agents and the Operator must adopt the routine and its set of requirements and criteria, in accordance with the deadlines established in the RO. There are 24 items to be implemented, eight within a maximum of 18 months and the rest within 24 months.
Marcelo Branquinho CEO of TI Safe, a company specializing in cyber security for critical infrastructures, praises the initiative, but notes that the electricity sector will have a lot of work ahead: “There are about 740 companies, including generators, transmission companies and distributors of the most diverse sizes , who will have to adopt these measures to achieve compliance and there is not even enough manpower in the country to meet them all”, he warns.
According to the agency’s statement, “the process of improving cyber security is a subject that has been discussed by the electricity sector, in particular by the ONS, ANEEL and MME, due to its relevance for the operation of the electricity sector. So far there was an item in the Grid Procedures that dealt with the subject, but in a comprehensive way. The publication of this routine improves the guidelines on the subject with agents”.
There are currently a lot of attacks against critical infrastructure, especially in the electricity sector. Some companies in Brazil have already been affected, and the ONS’s concern is to improve the security of the entire sector.
The published document is now part of the “Operation Procedures Manual”: it is Sub-module 5.13, which belongs to Module 5 of the manual (System Operation). The ONS manual has a total of 172 modules, but in this set cybersecurity was treated very superficially, mentioning the need for cybersecurity policies but not going into detail.
“The Cyber Security Operational Routine is an important milestone for the electricity sector. We believe that it will raise the level of cyber security of the entire operation, helping agents and the ONS to create security policies in line with global best practices and established Network Procedures.”, comments Geraldo Fonseca, Cyber Security Specialist at ONS .
See the original post at: https://www.cisoadvisor.com.br/ons-publica-rotina-de-cyber-para-todo-o-setor-eletrico/?rand=59039