The Journey to CAF 2027 – How Energy Companies Can Prepare

The NCSC’s Cyber Assessment Framework (CAF) is a collection of principles and guidance to achieve a level of cyber resilience, particularly focused at those organisations that play a vital role in the day-to-day life of the UK, such as those designated as forming part of the Critical National Infrastructure (CNI). With a specific set of profiles targeted at Operator of Essential Services (OES) within the UK’s energy sector, it is essential for those within scope of the NIS regulation to demonstrate their cyber posture in alignment with the CAF. 

However, for many organisations, understanding the scope of what this applies to and aligning existing controls with the framework can be a challenging and resource intensive process given the CAF’s focus on ‘contributing outcomes’ and somewhat lack of prescriptive controls within the CAF to clearly direct improvements within existing cyber security controls. 

Further challenges have been introduced through the recent publication of an enhanced CAF profile for the energy sector by its regulator, Ofgem. This introduces additional requirements for energy sector organisations to achieve a greater level of cyber security maturity and align with all CAF principles by 2027. 

This webinar advises energy sector organisations on the differences between the basic and enhanced CAF profiles, how they can drive improvements in their cyber security programs to align with the CAF principles, and more effectively secure technical environments and operational technology (OT) within their business.