In an era where digital threats loom large, British water utilities are doubling down on their cybersecurity measures, reports The Stack. The latest move comes from Anglian Water, serving a significant seven million people, which has earmarked £10 million for a Managed Security Service Provider (MSSP) under a new tender. This initiative aims to fortify their defenses through a co-managed Security Information and Event Management (SIEM) system.
Anglian Water is seeking “an MSSP who is more closely aligned to Anglian Water's cloud-native strategy, providing SIEM, Threat Intelligence and Intrusion Prevention services”, according to the tender notice.
Under the co-managed arrangement, Anglian Water will be “responsible for the onboarding and offboarding of assets to the SIEM, whilst the MSSP will provide the 24x7x365 monitoring and triage of events”.
The urgency for bolstering cybersecurity within the utilities sector stems from past incidents, including the ransomware attack on South Staffs Water and Cambridge Water in July 2022. Such breaches have prompted regulatory bodies to impose stricter cybersecurity standards, under the NSCS’s enhanced Cyber Assessment Framework (e-CAF). While full compliance isn't mandatory until March 2028, organizations are swiftly moving to align with these stringent requirements.
The proactive stance extends beyond Anglian Water, with other utilities like Scottish Water also investing significantly in cybersecurity initiatives. With a £50 million contract awarded to Fujitsu, Scottish Water aims to enhance its cyber resilience through comprehensive managed services and delivery of cybersecurity projects.
As UK water utilities embark on these cybersecurity endeavors, they acknowledge the criticality of safeguarding essential infrastructure against digital threats. These concerted efforts signify a collective commitment to staying ahead in the ongoing battle against cyber adversaries. Anglian Water's anticipated 60-month framework contract serves as a testament to their long-term dedication to cybersecurity excellence.