Current practices and challenges in industrial control organizations regarding information security incident management – Does size matter? Information security incident management in large and small industrial control organizations

This paper reports on the results of an interview study that surveyed current practices regarding information security incident management in small and large distribution system operators (DSOs) in the Norwegian electric power industry. The findings indicate that current risk perception and preparedness are low, especially among small electricity distribution system operators. Further, small distribution system operators rely heavily on their suppliers should incidents occur. At the same time, small distribution system operators are confident that they can handle the worst-case scenarios. This paper documents current perceptions and discusses the extent to which they are likely to hold given the transition towards smart electric grids. Several recommendations are provided based on the findings and the accompanying discussion. In particular, small distribution system operators should strengthen the collaboration with their information technology (IT) suppliers and other small distribution system operators. Furthermore, distribution system operators in general should establish written documentation of procedures, perform preparedness exercises and improve detection capabilities in control systems.