An interview with Rosa Kariger
Rosa Kariger: "We need to review and enhance the security protocols with new practices and strategies to address the new digital threat"
Informatics Cybersecurity Internet Interviews
February 2019. Reading time: 3 minutes
Rosa Kariger is Iberdrola group's global cyber security director and is responsible for global governance, intelligence and oversight of IT and OT cyber security in all the countries where the company operates: continental Europe, the United Kingdom, the United States, Mexico and Brazil. She graduated as an industrial engineer from the UPM, has taken part in management development programs at IESE and global leadership of IMD, and co-chaired the Systems of Cyber Resilience: Electricity working group of the World Economic Forum.
An interview with Rosa Kariger, CISO of Iberdrola group. Video voice transcription [PDF] External link, opens in new window. Enlace externo, se abre en ventana nueva.
Read the full interview
Spoke with Rosa Kariger
Rosa Kariger, Iberdrola group's global cyber security director: "Over the past decade, the electricity industry has been investing in new technologies to improve efficiency and service quality. But as automation and digitisation increase, power system resilience becomes a growing concern for boards, senior management and policy makers."
"Our industry has many years' experience in protecting our critical infrastructure from environmental events and physical attacks. But cyber is a relatively new risk and now we need to review and enhance those protocols with new practices and strategies to address the new digital threats and we cannot do this alone, not only within our own individual companies, because these new technologies are also amplifying the interconnectivity between the different agents in the electricity ecosystem. More than ever, we need to join our efforts."
"To this end, the World Economic Forum provided a unique platform, bringing together relevant industry experts to reflect on this challenge, and the outcome was a guide on cyber resilience for the electricity industry with seven industry-specific principles that was presented in the 2019 annual meeting in Davos. This guide is key to raise awareness and will support boards and senior management to collaboratively approach cyber resilience in the increasingly complex electricity ecosystem. Iberdrola, one of the largest utilities and the leader in green energy, was honoured to co-chair such an important initiative."
"I really encourage all companies, large and small, within the electricity sector, to take a look at this guide. It is available at the website of the World Economic Forum."
Hide content
Cyber resilience in the electricity sector
The World Economic Forum's report on Cyber Resilience in the Electricity Industry: Principles and Guidance for Boards
External link, opens in new window. was presented in the Electricity Industry Policy session on 23 January 2019 at the annual meeting of the World Economic Forum (Davos 2019). This report, developed in conjunction with the Forum's electricity industry community and the Boston Consulting Group aims to address the particular needs of businesses operating in the electricity ecosystem. The Forum's working group that produced the guide was co-chaired by Rosa Kariger, Iberdrola group's global cyber security director.
The Working Group on Cyber Resilience in the electricity sector was created in May 2018 and is made up of more than 25 cyber security professionals from different companies from or related to the electricity sector. The group, that is co-chaired by Kariger on behalf of Iberdrola and ABB (Pierre-Alain Graf), and coordinated by Louise Anderson and Kristen Panerali (World Economic Forum, WEF) had the following objectives:
1. Produce the above mentioned guide to enable boards of directors of electricity companies to understand cyber security risks and how to deal with them.
2. Encourage exchange of viewpoints with regulators and governmental agents on cyber security in different countries and regions of the world in relation to existing cyber security models and regulatory frameworks (EU, UK, USA, Australia, etc.).
3. Explore possibilities to share information among electricity sector companies and critical infrastructure operators.
4. Define metrics to give visibility to the situation and evolution of cyber security in sector companies.