IT AND OT CYBERSECURITY
IT AND OT CYBERSECURITY
TNB has taken a proactive stance to enhance the cyber resilience of its IT and OT systems, achieving international ISO/IEC 27001:2013 Information Security Management System (ISMS) certification across various domains, encompassing our power generation, transmission, distribution, and digital systems. These domains include crucial components such as the Distributed Control System (DCS) in power plants, the SCADA system in our Control Centre, and the ICT data center. To ensure TNB’s cyber security always complied to the ISO/IEC 27001:2013, TNB annually renews its certification as required by Energy Commission. For 2023, TNB has successfully passed SIRIM Audit on its compliance to ISO/IEC 27001:2013 on 10 November 2023.
Furthermore, we've been unwavering in our commitment to bolster online payment security through adherence to the Payment Card Industry Data Security Standard (PCI DSS) certification. In alignment with this certification, TNB diligently conducts both internal and external audits within the scope of the certification on a routine basis.
Our dedication to securing smart meters and AMI systems is evident in the meticulous application of industry best practices, typified by the Device Language Message Specification/Companion Specification for Energy Metering (DLMS/COSEM (IEC 62056)). This protocol adopts NIST (National Institute of Standards and Technology) standards for authentication and data security, employing tried-and-true cryptographic algorithms. The DLMS protocol has proven itself indispensable, accommodating an expanding array of data and functions necessitated by the evolving energy market and smart grid. These range from asset management and outage management to demand response, supply automation, contract management, power quality monitoring, net metering for renewable energy integration, and non-technical loss detection.
In the realm of Advanced Distributed Management System (ADMS), our focus remains on adhering to requisite OT cybersecurity standards. This includes compliance with pertinent sections of the IEC 62351 and configuration of the ADMS according to security hardening best practices in line with recommendations from respected standards, such as NIST, NERC CIP, ISA/IEC 62443, and IEEE Standard Cyber Security Requirements for Substation Automation, Protection, and Control Systems. We consistently apply industry best practices for system hardening to each OT component.
Our commitment to cybersecurity has not gone unnoticed, earning us accolades and recognition:
- "Cyber Security Project of the Year 2019" at the Malaysia Cyber Security Awards 2019 presented by Cybersecurity Malaysia.
- Inclusion in the "Share Guide Association Malaysia (SGAM) IT Users Group" at the SGAM ICT Conference & Awards 2019 by SGAM.
These accolades stand as testament to our unwavering commitment to upholding the highest cybersecurity standards across our operations against the cyber threats towards the benefits to TNB, Rakyat and Negara.
X