When pressed to identify the top cybersecurity risks in their operations, utility operators typically point to a range of possibilities, including compromise of systems and supply chains, patching and maintenance of legacy systems, nation-state threats, and insider threats.
Only a third consider identity systems among those risks; yet 67% of utility infrastructure attacks in the UK and US definitively compromised identity systems—specifically Active Directory (AD), Entra ID, and Okta.
AD’s role in cyberattacks means its security is paramount for cyber resilience. Hostile nation-states looking for a tactical or strategic advantage use stealthy attacks that can keep a malicious actor hidden in the identity system, planting backdoors, gathering information, and waiting to strike—sometimes for years.
In the face of this complex cyber threat landscape, the RIIO-2 Cyber Resilience Guidelines aim to provide the controls UK energy utilities need to establish security resilience for their networks.
What’s inside
- Why RIIO-2 for cyber resilience? Learn how the guidelines respond to the evolving threat landscape.
- Why is identity security a critical focus for utility operators? Discover how attackers leverage the identity system to target critical utility infrastructure.
- Identity-focused RIIO-2 controls: Understand which required controls affect identity system security and resilience.
- Practical identity security solutions: Discover how cyber-first products provide practical ways to automate identity security controls—and strengthen your overall security posture.
Resilience to cyberattacks that threaten utility operations should be the top priority for every organization involved in critical infrastructure. Take steps now to achieve RIIO-2 Cyber Resilience capabilities.
