The price of cyber security

Scottish Water tenders a £50m contract for a digital directorate cyber security partner.

When i2O decided more than 5 years ago that product security would become a tablestake, our customers were asking very few questions about it in tenders.

We could see that solutions that provided remote control of water distribution networks would need to be as secure as those that handled large volumes of customer, financial or sensitive data, because they related to critical national infrastructure.

We were the first company of our kind to obtain ISO27001 certification and have continued to improve the security of our hardware products and software services ever since.

Since our acquisition by Mueller Water Products (“Mueller”), we have been able to benefit from Mueller’s tools and expertise that are available centrally.

Customers now routinely ask about security.  And some have significantly improved their own understanding of the topic.  In parts of the world this has been reinforced by the involvement of governmental security services’ organisations.

In the UK The National Cyber Security Centre was founded at around the same time as we set out our strategy to be recognised as highly secure.  The NCSC’s mission is to “help to make the UK the safest place to live and work online”.

The most advanced customers actively engage with us on cyber security.

Customers continue to improve their understanding and ask more demanding questions.

Scottish Water already has a number of contracts in place.  With IT service providers: ATOS, Capgemini and CompanyNet.  With Supply chain specialist providers: Ground Control, Magdalene and Siemens.  With telemetry technology providers: ICONICS, Emerson and Schneider.  On top of that it is looking for a “digital directorate cyber security partner”.  They will need to have a proven track record in a large number of areas:

  • Managed Detection Response (MDR) services
  • Software defined networking (SD-WAN)
  • Network Segregation and intrusion detection
  • Security of IoT Devices and Programmable Logic Controllers
  • Next-gen firewall appliances
  • Microsoft E5 security products and wider Microsoft security product portfolio
  • Advanced Threat Protection tools
  • Threat-intelligence services
  • Secure network access to remote sites
  • Secure remote access services

And now we know the price of that cybersecurity expertise: a cool £50m.

Image courtesy of Jernej Furman under this license.