How utilities can navigate critical infrastructure protection requirements.
Scott Vanek is senior business analyst at Gestalt LLC. Mark Walton is CIO and director of commercial technology at Gestalt. Contact Walton at mwalton@ gestalt-llc.com.
Operations personnel at many energy companies feel the pressure of achieving compliance with the North American Electric Reliability Council (NERC) Critical Infrastructure Protection (CIP) standards. Some worry that they are not aware of the problems and security incidents that have occurred within their critical infrastructures. Some know that they do not have the procedures in place to maintain CIP compliance. In many cases, significant system and procedural changes to their operational environment may be required—changes that may be extremely time- and resource-intensive to establish.
What most organizations may not realize is that their IT departments already have a head start on the process through a widely accepted approach to IT service management called the Information Technology Infrastructure Library (ITIL). By using the ITIL framework, companies may be able to achieve and maintain CIP compliance in a much simpler manner than if they did not use any established framework.
With regulatory deadlines looming, the challenge is to recognize synergies between ITIL and CIP and to begin the implementation process.