DSOs cooperation with vendors in handling cyber-attacks in control systems

Challenge and objective:

The technological evolution has enabled Norwegian Distribution System Operators (DSOs) to make greater use of products and services from external suppliers. Although outsourcing provides resources, expertise and cost-effectiveness, it also introduces new dependencies and gates for potential attacks. As the dependence upon suppliers and the system complexity increase, the use of suppliers has to be taken into account in the cybersecurity incident
management for the DSOs.

Work performed:

Interview study of DSOs and vendors of industrial control systems on how they cooperate on incident management. Current practices for the involvement of suppliers in incident management are investigated.

Significant results:

An understanding of current practices, including both successful practices and challenges. Recommendations for both DSOs and the power industry at large. DSOs particularly recommended to involve suppliers more in preparatory activities, and supplier contracts should be improved .

Impact for distribution system innovation:

Awareness of the need for improved collaboration between DSOs and their vendors. Cyber resilience will also be improved.