A Holistic Cyber Strategy

Security must be organizational – simply complying will leave you vulnerable.

Fortnightly Magazine - January 2016
This full article is only accessible by current license holders. Please login to view the full content.
Don't have a license yet? Click here to sign up for Public Utilities Fortnightly, and gain access to the entire Fortnightly article database online.

Cyber incidents used to be sporadic. Now they're front-page news. Sony Pictures Entertainment, Target, JPMorgan Chase, and Anthem count as just a few of the most recent casualties - now known not just for the products they sell and the services they provide, but also for the data breaches that have damaged their reputations.

For utilities, security has been on the radar for some time now, with baseline standards under development from the early 2000s. 

The Energy Policy Act of 2005 created an Electric Reliability Organization (ERO) to develop and enforce mandatory cybersecurity standards. The North American Electric Reliability Corporation (NERC) was designated as the ERO in 2006 and has worked with electric power industry experts to develop the NERC Critical Infrastructure Protection (CIP) standards, which were approved by the Federal Energy Regulatory Commission (FERC) in 2008, making them mandatory for owners and operators of the bulk electric system.

And these standards have been updated since 2008, as threats continue to evolve. The latest set of CIP standards, Version 5, which was approved by FERC in November 2013 with modifications, is set to take effect in April 2016, with the utility industry considering how it will comply with this latest and even future versions.
