in Up Front
print the content item

McLean, Va.-based business and technology solutions provider Booz Allen Hamilton is helping utilities comply with the North American Electric Reliability Corp. (NERC) Critical Infrastructure Protection (CIP) version 5 cybersecurity standards by offering some best practices.

Booz Allen suggests that utilities conduct a cybersecurity strategic simulation to identify security gaps, prioritize assets and determine areas for improvement. The company says the controlled environment of a simulation allows participants to safely explore real-world situations, resulting in improved communication, coordination and the identification of any gaps in existing response plans.

Utilities should also develop a strategic plan to manage future threats, as well as standards, Booz Allen recommends. Implementing best practices from the start, the firm reports, can serve as a footprint for success, allowing utilities to leverage existing investments in people, processes and technology that ultimately prevent them from overspending.

In addition, the company advises that utilities pursue a knowledge management system that will help ensure business continuity for today and the future. Booz Allen notes that the aging workforce presents a major industry challenge, as an exodus of institutional and technological knowledge could hamper a company's ability to continue its mission effectively. Consequently, it is important to establish a team that understands the regulatory environment, threats and overall enterprise.

Booz Allen proposes that utilities implement an internal program to address employee cyber "hygiene" and the potential for insider threats. The company adds that ultimately, all staff within an organization can pose as a cyber threat - either accidental or intentional. These challenges can no longer be the sole responsibility of information technology departments, and utilities should communicate to all employees the significance of being cyber-risk aware and knowing what to do when a concern arises.

Furthermore, the firm says that utilities should acknowledge and understand the difference between compliance and security. Keeping up with standards will help utilities avoid legal exposure, fines and the like, but Booz Allen contends that such activity does not necessarily make a utility more secure because there is no silver bullet formula for security. Rather, cybersecurity is intimately tied to a utility's business strategy and operations and must be customized to the organization.

"Utilities will continue to face the challenge of balancing strong cyber risk management and constantly evolving regulation," remarks David Cronin, principal at Booz Allen. "Going from NERC CIP version 3 to version 5 requires a partner that knows not only the rules, but just as an importantly, has deep industry experience to recognize the diverse needs of utility companies - all while minimizing cost and leveraging existing investments, where possible."

Hybrid Energy Innovations

Hybrid Energy Innovations 2015
Latest Top Stories

Two Years After Superstorm Sandy, Utilities Highlight Grid Efforts

As the U.S. reflects on the monster hurricane that struck in October 2012, utilities note what they have done to help protect against future severe weather.


USDA Invests $1.4 Billion To Boost Rural Grids Around The Country

The U.S. Department of Agriculture (USDA) has announced more loan guarantees for rural power companies and renewable energy firms in 21 states.


SPP Raises Concerns About EPA's Proposed Clean Power Plan

Stakeholders around the U.S. are mulling over the Environmental Protection Agency's blueprint to cut emissions from existing power plants. The Southwest Power Pool has released its assessment of the plan.


Comverge, Constellation To Merge Demand Response Businesses

The two companies have announced a deal to combine their DR operations serving commercial and industrial customers and establish a new, standalone entity.


Grid-Scale Energy Storage Continues Making Inroads

A new report from Navigant Research highlights the biggest markets and most popular technologies for grid-scale energy storage.

S&C Electric_id176
edf_id180