Data and information managed by A2A Group, as strategic elements, may be jeopardized by cyber attacks and incidents caused by many vulnerabilities of digital infrastructures. These occurrences may endanger the resiliency of the company by compromising its services to customers and its own reputation.
A2A must identify these threats very quickly and manage them effectively.
The project, launched in September 2019, is aimed at ensuring the security and the resilience of infrastructure and information systems, through well-proportioned operational and technical actions to manage the risk on critical assets, in line with the principles of national framework of cyber security (FNCS).
The project activities regarded hydroelectric generation, electric distribution, gas distribution and water cycle.
Adoption of the most suitable organizational structure in order to guarantee the security and the resilience of infrastructure and information systems: definition of processes, procedures, and competences of people in charge of Operational Technology security.
A2A has set up a highly specialized group called IRIS - Intelligent Resilience Information Security Services. This team of IT security experts is committed to defending and responding to attacks against information, IT infrastructure and digital services.
IRIS provides the following IT security services:
It protects the company against digital criminals, is operating h24x7 and tracks security threats in real time, thus reducing the exposure and impact of attacks on A2A digital services, applications and assets
It includes digital and security technologies, ensures the maintenance of the best security posture and effectiveness of controls over time and according to the most up-to-date "threat model"
Assessment of the Company resilience level and its services through a Security Lab, a team of white hat (ethical hackers) and specialists involved in assessing the Company resilience level and its services to define the most critical current risk scenarios and study future threat trends.
It provides intelligence capabilities through proactive research and analysis of public and non-public external sources. Moreover, it supports security strategic decisions and operations by protecting A2A digital data and brand from misuse