What we said we'd do
This stakeholder priority is about how we protect our network from external threats such as cyber-attacks, physical attacks and extreme weather. It also ensures we can respond to and recover from incidents when they happen. Due to the confidential and sensitive nature of our cyber security and physical security business plans, we are unable to fully share detailed information with stakeholders. We provided our plans directly to Ofgem for assessment. Included within our submission are the two cyber business plan documents requested by Ofgem, these are:
1. Business IT Security Plan
2. Cyber Resilience Plan
We also shared with Ofgem our plans to protect our sites from surface level flooding and better understand how we protect from weather-related threats in the long term. We will enhance flood protection on a proposed 100 sites as well as addressing increasing erosion incidents and developing a long-term climate change strategy.
What we've done and what we’re going to do
Whilst we cannot give specific details of our physical and cyber security delivery plans, we have regular dialogue with Ofgem on delivery progress and are required to submit confidential 6-monthly reporting. We also have regular engagement sessions with Government offices such as National Cyber Security Centre (NCSC) and Department for Energy Security and Net Zero (DESNZ).
We aim to deliver all of the agreed outputs through the remainder of RIIO-T2 and as we have used the re-opener opportunities for extreme weather and physical security during RIIO-T2, we have added further sites to be physically hardened against threats from potential flooding or intrusion.