04 May 2005
Utility firm ScottishPower has outsourced management of its network security to protect itself against malicious attacks.
Supplier VeriSign will protect hundreds of devices, including firewalls, intrusion detection systems and automated network switches that monitor and control power plant processes.
'We are a high-profile organisation and therefore open to deliberate attacks,' Graeme Agnew, IT security director at ScottishPower, told Computing. 'A large part of our systems make up part of the critical national infrastructure, so if it goes down we could lose power.
'There are general attacks such as viruses and worms, but there are also people trying to deliberately attack us.'
VeriSign's managed security services division will host the energy firm's intrusion detection systems on a 24-hour basis, to ensure power supplies are not affected by viruses, worms or hacking attempts.
Security reporting tools will also be used to provide real-time updates on vulnerability levels.
Agnew says the VeriSign systems will help ScottishPower adhere to US compliance regulations, with which it is obliged to conform because it is part-listed on the New York Stock Exchange.
'We wanted to increase intrusion detection and security monitoring on a much greater scale, to fit in with new regulations such as Sarbanes-Oxley,' said Agnew.
Under the terms of the contract, VeriSign will work with ScottishPower's internal security department to install and manage security systems capable of detecting new vulnerabilities.
'We need to respond effectively to new threats,' said Agnew.
He says that ScottishPower will maintain a 'vendor-agnostic' approach when selecting new security products.
'The decision was about cost, quality of service and following a strategic model in place in other parts of ScottishPower,' he said.
Strict procedures will monitor VeriSign's network security management and check key performance indicators are being met.
'We have put in strict governance procedures so my security team can measure performance,' said Agnew. 'It's a key part of any outsourcing contract to have these kind of controls in place.'
What do you think? Email feedback@computing.co.uk
If you want to be first with the news, visit Computing every day.
Have your say on this article
Newsletters
Latest stories from Hacking
Latest videos
You may also like
Hacking jobs
Technology Patent Wars
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
