
Cyber Security and Data protection

Data and information managed by A2A Group are strategic elements that may be jeopardized by cyber attacks and by incidents caused by the many vulnerabilities of digital infrastructures. These occurrences may endanger the resiliency of the company by compromising its services to customers and its own reputation.

A2A must identify these threats very quickly and manage them effectively.

Cyber threat intelligence

The “Group Security & Cyber Defence” and “Group Information and Communication Technologies (ICT) & Digital Enablement” departments are committed to ensuring data protection for employees, customers and all A2A stakeholders.

A2A is tackling cyber threats through the following defense activities:

  1. Cyber Risk Analysis of Digital Assets and Services (Corporate / Facilities)
  2. IT/OT(1) security processes and controls compliant with the best international standards (i.e. ISO 27001 and IEC 62443) and industry standards
  3. Business continuity and information security management system
  4. Evaluation of the cyber strength of third parties
  5. Public and private partnership
  6. Awareness - Education - Training
  7. Cyber Threat Intelligence

Note: (1) IT: Information Technology - OT: Operational Technology

Group security & cyber defence

The “Group Security & Cyber Defence” department is active in the security of Operational Technology (OT), covering Industrial Control Systems and Supervisory Control and Data Acquisition systems, and is responsible for the following tasks:

  • Monitoring of the OT systems security levels through the analysis of incidents and the definition of remedial actions
  • Reporting on infrastructure monitoring, including in the event of an incident
  • Support for risk owners in defining procedures for the most adequate cyber posture

Case study: A2A OT Security Project
 

The project, launched in September 2019, is aimed at ensuring the security and resilience of infrastructure and information systems through well-proportioned operational and technical actions to manage the risk on critical assets, in line with the principles of the national framework of cyber security (FNCS).
The project activities covered hydroelectric generation, electric distribution, gas distribution and the water cycle.

1) Assessment of security levels

  • Security assessment of “as is” conditions of infrastructure and information systems
  • Risk analysis on sector threats
  • Risk management plan to mitigate the exposure to threats, thus raising the overall security level

2) Implementation of a Cyber Security management system

Adoption of the most suitable organizational structure to guarantee the security and resilience of infrastructure and information systems: definition of processes, procedures, and competences of the people in charge of Operational Technology security.

Group ICT & digital enablement

The “Group ICT & Digital Enablement” department is responsible for Digital Security and ensures data protection and the resilience of services and ICT infrastructure through the implementation of an Information Security Management System (ISMS). In particular, the ICT Security department provides, develops and strengthens new Digital Security Services in order to preserve A2A business in its continuous innovation path.

A2A has set up a highly specialized group called IRIS - Intelligent Resilience Information Security Services. This team of IT security experts is committed to defending and responding to attacks against information, IT infrastructure and digital services.

IRIS provides the following IT security services:

Security Monitoring & Readiness Operations

It protects the company against digital criminals, operates 24x7 and tracks security threats in real time, thus reducing the exposure and impact of attacks on A2A digital services, applications and assets.
 

Platforms Resilience & Operations

It includes digital and security technologies and ensures that the best security posture and the effectiveness of controls are maintained over time, according to the most up-to-date "threat model".

Active defense

Assessment of the resilience level of the Company and its services through a Security Lab, a team of white hats (ethical hackers) and specialists who carry out this assessment to define the most critical current risk scenarios and study future threat trends.

Threat Intelligence

It provides intelligence capabilities through proactive research and analysis of public and non-public external sources. Moreover, it supports strategic security decisions and operations by protecting A2A digital data and brand from misuse.