The mission of this group is to bring together utility professionals in the power industry who are in the thick of the digital utility transformation. 

WARNING: SIGN-IN

You need to be a member of Energy Central to access some features and content. Please or register to continue.

Post

Spring Cleaning for your Cyber Program

image credit: Photo by Alexandru Dinca from Pexels

We’re approaching the time of the year when the grass starts to turn green, the trees start to bud out and we all need to get spring cleaning done. It’s also a great time to look at your cyber program and make sure you’re on track to accomplish your long-term goals. Here are three recommended areas for review to see if your program is heading in the right direction or if you need some mid-course corrections.

With the COVID-19 pandemic starting to abate slightly, now is a good time to review security projects that may have been delayed due to field work, travel, or other pandemic-related issues. Perhaps staff training can start in person again – there’s no substitute for being able to talk with an instructor face to face about specific issues or challenges. The industrial control system training from the Cybersecurity and Infrastructure Security Agency (CISA) from the U.S. Department of Homeland Security is available at no tuition cost. It is unknown when this training will start in person again, but it is well worth the cost to travel when it is available.

Because of the massive hack of SolarWinds and the resulting chaos from this event, all cyber programs need to review their security monitoring strategy. This area for Operational Technology (OT) systems is typically limited to a sensor or two at the electronic security boundary. This implementation is starting to show its age in the supply chain attack era. OT systems need to include internal communications and device interface monitoring as part of their design. Integrating SCADA alerts and alarms into the security monitoring strategy is a good first step for those devices that support SCADA but not syslog or other security logging mechanisms. The next step may include mirrored ports on substation switches that capture network traffic between devices coupled with a sensor programmed to alert on potentially anomalous or malicious SCADA traffic, non-SCADA traffic, and other indicators of compromise.

Worth mentioning is the Federal Energy Regulatory Commission (FERC) Notice of Proposed Rulemaking (NOPR) related to incentives for public utilities that make cybersecurity investments above and beyond the baseline requirements of NERC CIP. This NOPR will apply to each utility differently and is tied to adjustments in the allowable transmission rate recovery that FERC has jurisdiction over. Utilities that may be eligible and interested will need to make their own benefit calculations.

These are just a few areas to review. Each organization will have its own set of priorities and goals – the important point is to keep moving the program forward and address areas that may have unacceptable risks. Enjoy the warmer weather – take a walk and clear your head. Then see if your cyber program is on track to reduce risk for your organization.

Jeff Pack's picture

Thank Jeff for the Post!

Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.

Discussions

Spell checking: Press the CTRL or COMMAND key then click on the underlined misspelled word.

No discussions yet. Start a discussion below.

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »