Booz Allen Helps Utilities Update Cybersecurity Standards and Strengthen Performance
Advancing NERC-CIP Compliance for Utilities Through Best Practices
The reason for the change is clear and timely: A report
from the Department of Homeland Security's
1. | Conduct a cybersecurity strategic simulation that will enable a utility to identify security gaps, prioritize assets, and identify areas for improvement - without the consequences of an actual cybersecurity incident or an audit. The controlled environment of a simulation allows participants to safely explore real-world situations, resulting in improved communication, coordination and the identification of any gaps in existing response plans. | ||||
2. | Develop a strategic plan that positions the utility to manage future threats as well as standards. Implementing best practices from the start can serve as a footprint for success, allowing utilities to leverage existing investments in people, processes and technology that ultimately prevent them from overspending. | ||||
3. | Pursue a knowledge management system that will ensure business continuity for today and the future. The aging workforce presents a major industry challenge: an exodus of institutional and technological "know how" that could hamper a company's ability to continue its mission effectively. It is important to establish a team that understands the regulatory environment, threats, and overall enterprise. | ||||
4. | Implement an internal program to address employee cyber "hygiene" and the potential for insider threats. Ultimately, all staff within an organization can pose as a cyber threat - either accidental or intentional. These challenges can no longer be the sole responsibility of IT. Utilities should communicate to all employees the significance of being cyber risk aware, and knowing what to do when a concern arises. | ||||
5. | Acknowledge and understand the difference between compliance and security. Keeping up with standards will help utilities avoid legal exposure, fines, and the like. But that does not necessarily make a utility company more secure - there is no silver bullet formula for security. Rather, cybersecurity is intimately tied to a utility's business strategy and operations, and must be customized to the organization. |
"Utilities will continue to face the challenge of balancing strong cyber
risk management and constantly evolving regulation," said
About
BAHPR-GI
lake_carrie@bah.com
Source:
News Provided by Acquire Media