The primary goal of Ansaldo Energia is to ensure that an adequate level of security is achieved and maintained for its data, applications, systems and infrastructure. This is necessary both to deal effectively with new and ever more frequent cyber threats and to provide adequate protection for valuable assets that are critical for Ansaldo Energia and for its customers.
The evolution of technology and digital innovation bring various benefits, including the breaking down of geographical barriers, the exploration of new kinds of services, and the global exchange of knowledge. However, this innovation also increases the exposure of organizations to new and complex threats. Cyber threats are one of the most important risks organizations are called on to tackle.
Ansaldo Energia is fully dedicated to the continuous improvement and enforcement of its security processes in order to mitigate risks arising from cyber threats that affect assets, data, information and systems, and to consistently manage the related impacts.
Ansaldo Energia Group has established an Enterprise Security Architecture (ESA) with the aim of improving its overall security posture and of efficiently and effectively addressing the management, control and protection of the Group's information assets.
The security vision and strategic goals have been put into practice by setting up the ESA, which represents a defined and agreed target framework that is subsequently implemented and periodically reviewed and evaluated to ensure it continues to be fit for purpose against evolving threats and solutions.
The Group ESA is shaped and developed through the Information and Cyber Security Capability Framework, based on four main capabilities (Governance, Prevention, Detection, Response & Recovery) and related domains. This framework brings a holistic approach to all information security topics based on the following main components:
- Information and Cyber Security Organizational Model, which establishes the main information security roles and responsibilities across the Group;
- Information and Cyber Security Process & Rules, defining rules and procedures to address information security topics;
- Information and Cyber Security Control and Monitoring Framework, which provides a model to monitor/check compliance against the security controls defined at Group level.
Ansaldo Energia has implemented several projects, activities and tools, mainly in the Network, System, Application, Data and Enterprise Security areas.
These activities and projects are performed in response to a precise strategy that Ansaldo Energia defines in alignment with the best general standards, including COBIT, ISO 27001, ISO 27002 and NIST, and specific industrial standards, including ISA/IEC 62443 and NERC CIP.
Ansaldo also works at an academic level, maintaining an aligned focus on threats, related risks and mitigation techniques, and collaborating to maintain and develop new standards to ensure the continuous improvement of Cyber Security defence in the power generation environment.