in Up Front
print the content item

McLean, Va.-based business and technology solutions provider Booz Allen Hamilton is helping utilities comply with the North American Electric Reliability Corp. (NERC) Critical Infrastructure Protection (CIP) version 5 cybersecurity standards by offering some best practices.

Booz Allen suggests that utilities conduct a cybersecurity strategic simulation to identify security gaps, prioritize assets and determine areas for improvement. The company says the controlled environment of a simulation allows participants to safely explore real-world situations, resulting in improved communication, coordination and the identification of any gaps in existing response plans.

Utilities should also develop a strategic plan to manage future threats, as well as standards, Booz Allen recommends. Implementing best practices from the start, the firm reports, can serve as a footprint for success, allowing utilities to leverage existing investments in people, processes and technology that ultimately prevent them from overspending.

In addition, the company advises that utilities pursue a knowledge management system that will help ensure business continuity for today and the future. Booz Allen notes that the aging workforce presents a major industry challenge, as an exodus of institutional and technological knowledge could hamper a company's ability to continue its mission effectively. Consequently, it is important to establish a team that understands the regulatory environment, threats and overall enterprise.

Booz Allen proposes that utilities implement an internal program to address employee cyber "hygiene" and the potential for insider threats. The company adds that ultimately, all staff within an organization can pose as a cyber threat - either accidental or intentional. These challenges can no longer be the sole responsibility of information technology departments, and utilities should communicate to all employees the significance of being cyber-risk aware and knowing what to do when a concern arises.

Furthermore, the firm says that utilities should acknowledge and understand the difference between compliance and security. Keeping up with standards will help utilities avoid legal exposure, fines and the like, but Booz Allen contends that such activity does not necessarily make a utility more secure because there is no silver bullet formula for security. Rather, cybersecurity is intimately tied to a utility's business strategy and operations and must be customized to the organization.

"Utilities will continue to face the challenge of balancing strong cyber risk management and constantly evolving regulation," remarks David Cronin, principal at Booz Allen. "Going from NERC CIP version 3 to version 5 requires a partner that knows not only the rules, but just as an importantly, has deep industry experience to recognize the diverse needs of utility companies - all while minimizing cost and leveraging existing investments, where possible."

Hybrid Energy Innovations

Hybrid Energy Innovations 2015
Latest Top Stories

Smart Grid Interest Continues To Spread Among U.S. Rural Utilities

A new survey gauges rural smart grid efforts across the country and offers key findings, one of which is that nearly all utilities polled are doing something to modernize their systems.

Global Smart Grid Tech Revenue Slated For Solid Growth

According to a report from Navigant Research, annual revenue for smart grid technologies will reach over $70 billion within the next 10 years.

Utilities Partner With Energy Storage To Harness Renewables

As utilities struggle to incorporate the increased use of intermittent renewable energy resources, such as solar and wind power, onto the grid, the power providers are looking to energy storage.

Smart Meter Fire Probe Points To Sensus Design 'Shortcomings'

There has been more fallout in Saskatchewan: An investigation into SaskPower's halted smart meter program says Sensus Generation 3.3 units "have a tendency to leak" and the utility mishandled the rollout.

Two Years After Superstorm Sandy, Utilities Highlight Grid Efforts

As the U.S. reflects on the monster hurricane that struck in October 2012, utilities note what they have done to help protect against future severe weather.

S&C Electric_id176