EDI (Electronic Data Interchange) is an often forgotten underpinning of many utility companies, even though many of its functions are likely to be critical to the operation. In many states, EDI is a mandated operation for commercial bill pay and meter reading data exchange with third party services. In fact, between the Gas Industry (GISB) and North American Energy (NAESB) Standards Boards, a substantial set of requirements exists for industry use of EDI.
While EDI exists as a specific set of functions for exchanging digital data, it is often managed through third party applications and networks. These operations carry several different threat models, from disruption of service and outages that impact data availability, to tampering and compromise of the data in transit. As such, it is essential that utilities have performed business function and application-specific risk assessments on EDI implementations.
Additionally, many of our clients have performed EDI-focused penetration testing and technical application assessments of their EDI translators and network interconnects. Some clients still utilize a Value Added Network (VAN) or other service provider for EDI transmissions, and MSI can work with your VAN to review their security program and the configuration of your interconnections to ensure maximum security and regulatory compliance.
Lastly, our team has been very successful doing tabletop incident response and disaster recovery/business continuity exercises that model EDI outages, failures and data corruption. Impacts identified in these role-playing exercises have ranged from critical outages to loss of revenue.
If you’d like to learn more about our EDI services and capabilities, give us a call at 614-351-1237 or drop us a line at firstname.lastname@example.org. We’d love to talk with you about our nearly 30 years of experience in EDI, information security and critical infrastructure.
We are proud to announce a pandemic planning update webinar scheduled for Tuesday, March 17th at 10am Eastern.
MicroSolved’s John Davis and Dave Rose will explore pandemic plan updates in the age of the COVID-19 outbreak. They will discuss lessons learned, from building a basic plan to updating existing plans. They will share the latest advice from our consulting practice, from State, Local and Federal resources and point out a variety of resources that are now available to assist organizations.
Click here to register. Recordings will be made available after the event.
We want everyone to benefit from pandemic planning. Please let us know if you have questions or need assistance.
The news is full of tragedy from Hurricane Matthew at the moment, and our heart goes out to those being impacted by the storm and its aftermath.
This storm is a powerful hit on much of the Southeast US, and should serve as a poignant reminder to practice, review and triple check your organization’s DR and BC plans. You should have a process and procedure review yearly, with an update at least quarterly and anytime major changes to your operations or environment occur. Most organizations seem to practice these events on a quarterly or at least 2x per year cycle. They often use a full test once a year, and tabletop exercises for the others.
This seems to be an effective cycle and approach.
We hope that everyone stays safe from the hurricane and we are hoping for minimal impacts, but we also hope that organizations take a look at their plans and give them a once over. You never know when you just might need to be better prepared.
We caught this post on Lifehacker a few days ago and thought they did a pretty good job of handling a pretty frequent question. How many times have you been asked about data recovery? We always ask in return, “You have that backed up, right?”
Sadly, few people seem to back up their data, even though that is one of the basic foundations of protecting information.
If you are or know someone who gets into this predicament, we hope this approach helps.
In the meantime, where did you put your backup disk? You have one, right??? 🙂
For those folks on the east coast, Hurricane Noel should probably figure into your weekend plans. The storm is looking like a near miss for much of the eastern seaboard, but should be a strong reminder for folks to review their Disaster Recovery and Business Continuity plans for currency.
If you look in your policies folders and don’t see a DR/BC plan, now might be a good time to form a task group for making them. Given the wacky weather patterns lately, they might prove to be handy in the future. At the very least, you can rest a little easier just knowing they are there.
For those folks wondering what I am talking about, click here for more info on the storm.
If you want to do more reading on DR/BC policies, check out this Wikipedia article.