chapter 11

I want you to protect the transmission system from cyber and external threats 

Here you can find out about cyber and other external threats facing the gas transmission system, and how we’re responding.

I want you to protect the transmission system from cyber and external threats  

UK infrastructure is subject to many security threats, that are increasing in sophistication and persistence.

These threats include terrorism, criminality and vulnerability in information technology (IT) and operational technology (OT) systems.

Our network is part of Great Britain’s Critical National Infrastructure (CNI) and appropriate protection from threats is therefore essential to underpin the safety, security and reliability of the nation’s energy supply.

The UK Government sets the requirements for the appropriate levels of physical and cyber resilience that are to be achieved in the national interest.

What have you told us?

You say that the way we manage security threats should be a priority.

We understand this is because you identify with the increasing threat both to society and to your own businesses.

You recognise that disruption to the gas network and to your energy supplies would have immediate, direct and adverse consequences for you.

What will we deliver?

Our RIIO-2 plan is to deliver the security hardening that has been mandated by the government, as efficiently as possible.

This will improve the safety and resilience of the transmission system to ride through and recover from accidental or malicious events such as cyber-attack, which otherwise threaten to disrupt continuity of GB energy supply.

We'll deliver a strategic long-term programme to replace key operational technology used for the safety and control of critical systems.

This work is driven by age and obsolescence as well as cyber resilience and the programme will extend through RIIO-3 and beyond.

What will it cost?

This is an area of significantly increasing expenditure driven by the growing level of threat and by new legislation steering the action that we must take to protect the network.

Our plan includes £123.4m per year (21% of our RIIO-2 total costs) for this priority.

We propose that funding for this known scope of work is included within our base revenue. Our plan does not include any provision for unforeseen costs that may arise from future changes in security requirements or in response to actual security events.

We propose that uncertainty mechanisms allow us to adjust our scope and costs during RIIO-2 in response to changing circumstances.

Your feedback matters

Your feedback on our draft business plan is important to us. We want to make sure we take account of a broad range of views as we develop our plan.

Email us your feedback

You can download our full draft business plan, or just this chapter here.

Download full plan

Download this chapter

Explore our other chapters