in Up Front
print the content item

McLean, Va.-based business and technology solutions provider Booz Allen Hamilton is helping utilities comply with the North American Electric Reliability Corp. (NERC) Critical Infrastructure Protection (CIP) version 5 cybersecurity standards by offering some best practices.

Booz Allen suggests that utilities conduct a cybersecurity strategic simulation to identify security gaps, prioritize assets and determine areas for improvement. The company says the controlled environment of a simulation allows participants to safely explore real-world situations, resulting in improved communication, coordination and the identification of any gaps in existing response plans.

Utilities should also develop a strategic plan to manage future threats, as well as standards, Booz Allen recommends. Implementing best practices from the start, the firm reports, can serve as a footprint for success, allowing utilities to leverage existing investments in people, processes and technology that ultimately prevent them from overspending.

In addition, the company advises that utilities pursue a knowledge management system that will help ensure business continuity for today and the future. Booz Allen notes that the aging workforce presents a major industry challenge, as an exodus of institutional and technological knowledge could hamper a company's ability to continue its mission effectively. Consequently, it is important to establish a team that understands the regulatory environment, threats and overall enterprise.

Booz Allen proposes that utilities implement an internal program to address employee cyber "hygiene" and the potential for insider threats. The company adds that ultimately, all staff within an organization can pose as a cyber threat - either accidental or intentional. These challenges can no longer be the sole responsibility of information technology departments, and utilities should communicate to all employees the significance of being cyber-risk aware and knowing what to do when a concern arises.

Furthermore, the firm says that utilities should acknowledge and understand the difference between compliance and security. Keeping up with standards will help utilities avoid legal exposure, fines and the like, but Booz Allen contends that such activity does not necessarily make a utility more secure because there is no silver bullet formula for security. Rather, cybersecurity is intimately tied to a utility's business strategy and operations and must be customized to the organization.

"Utilities will continue to face the challenge of balancing strong cyber risk management and constantly evolving regulation," remarks David Cronin, principal at Booz Allen. "Going from NERC CIP version 3 to version 5 requires a partner that knows not only the rules, but just as an importantly, has deep industry experience to recognize the diverse needs of utility companies - all while minimizing cost and leveraging existing investments, where possible."


Hybrid Energy Innovations 2015
Latest Top Stories

Sensus Issues Refund To SaskPower After Smart Meter Woes

As SaskPower continues to swap out its Sensus units following several meter failures, the two companies have reached an agreement in order for the utility to recover costs.


The Smart Utility's Guide To Choosing A Smart Meter

Electricity providers across North America are taking on grid modernization. This article outlines the myriad factors a utility should consider in order to select the best-possible smart meter.


DOE Report: U.S. Wind Power Prices Reach All-Time Low

According to the U.S. Department of Energy (DOE), wind power continues to play a larger role in the U.S.' energy mix and is the cheapest it has ever been in the country.


Survey Reveals What U.S. Consumers Expect From Their Utilities

GE's new survey measures Americans' views on the state and future of the grid, as well as how much extra consumers would be willing to pay for better power reliability.


How A GIS Can Help Utilities Address The Aging Workforce And Capitalize On Data

Baby Boomers, whose experience and know-how have served the utility industry so well for decades, are retiring. The author suggests utilities can use a geographic information system (GIS) to fill in resultant knowledge gaps.

S&C Electric_id176
Hybrid Energy Innovations 2015
Future Energy_id187
edf_id180