in Up Front
print the content item

McLean, Va.-based business and technology solutions provider Booz Allen Hamilton is helping utilities comply with the North American Electric Reliability Corp. (NERC) Critical Infrastructure Protection (CIP) version 5 cybersecurity standards by offering some best practices.

Booz Allen suggests that utilities conduct a cybersecurity strategic simulation to identify security gaps, prioritize assets and determine areas for improvement. The company says the controlled environment of a simulation allows participants to safely explore real-world situations, resulting in improved communication, coordination and the identification of any gaps in existing response plans.

Utilities should also develop a strategic plan to manage future threats, as well as standards, Booz Allen recommends. Implementing best practices from the start, the firm reports, can serve as a footprint for success, allowing utilities to leverage existing investments in people, processes and technology that ultimately prevent them from overspending.

In addition, the company advises that utilities pursue a knowledge management system that will help ensure business continuity for today and the future. Booz Allen notes that the aging workforce presents a major industry challenge, as an exodus of institutional and technological knowledge could hamper a company's ability to continue its mission effectively. Consequently, it is important to establish a team that understands the regulatory environment, threats and overall enterprise.

Booz Allen proposes that utilities implement an internal program to address employee cyber "hygiene" and the potential for insider threats. The company adds that ultimately, all staff within an organization can pose as a cyber threat - either accidental or intentional. These challenges can no longer be the sole responsibility of information technology departments, and utilities should communicate to all employees the significance of being cyber-risk aware and knowing what to do when a concern arises.

Furthermore, the firm says that utilities should acknowledge and understand the difference between compliance and security. Keeping up with standards will help utilities avoid legal exposure, fines and the like, but Booz Allen contends that such activity does not necessarily make a utility more secure because there is no silver bullet formula for security. Rather, cybersecurity is intimately tied to a utility's business strategy and operations and must be customized to the organization.

"Utilities will continue to face the challenge of balancing strong cyber risk management and constantly evolving regulation," remarks David Cronin, principal at Booz Allen. "Going from NERC CIP version 3 to version 5 requires a partner that knows not only the rules, but just as an importantly, has deep industry experience to recognize the diverse needs of utility companies - all while minimizing cost and leveraging existing investments, where possible."


Hse SandyHook
Latest Top Stories

SaskPower Halts Smart Meter Installations Following Fires

The Canadian utility has suspended its smart meter deployment as it investigates half a dozen fires associated with the meters.


New Study Underscores Value Of Customer Engagement, Ranks Most-Trusted U.S. Utilities

According to the report, which analyzes 125 utilities across the country, earning a customer's trust can lead to monetary gains.


Washington State Doles Out Cash For Utility Energy Storage Projects

Three utilities have been awarded millions of dollars in grants to explore energy storage technology that could help integrate renewable and improve the power grid.


Utilities Reveal Just How Much Customers Are Saving With Energy Efficiency Programs

Two U.S. utility companies have issued progress reports and solid numbers regarding their respective initiatives.


Middle East And North African Countries To Spend Billions On Smart Grids, Solar Integration

According to a new report from Northeast Group LLC, the MENA region will make big investments to modernize the grid and add more solar power by 2024.

S&C Electric_id176
edf_id180