Senior decision-makers come together to connect around strategies and business trends affecting utilities.

Post

Article: COVID-19 forces delay of 7 reliability standards, including cybersecurity supply chain protections

James Moralez, P.E.'s picture
Executive Director / Principal Advisor Maxwood Solutions

Executive Director / Principal Advisor and Founder of Maxwood Solutions, a Minority / SDVOSB (Service-Disabled Veteran Owned Small Business) serving the U.S. in providing Resilience and Incident...

  • Member since 2020
  • 5 items added with 2,988 views
  • May 4, 2020
  • 635 views

Though this action will give many utilities additional time to implement and test, for those that would see it as more time before having to start, I'm not sure if hackers or other nefarious cyber individuals are taking a 90-day break. In today's cyber culture, security should never be placed on hold when implementing a change to a system. Part of a good resilience plan is the ability to adapt to changing changing environments, and will test strategies already put in place.

Your access to Member Features is limited.

 

James Moralez, P.E.'s picture
Thank James for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member
Discussions
Spell checking: Press the CTRL or COMMAND key then click on the underlined misspelled word.
Matt Chester's picture
Matt Chester on May 4, 2020

I'm not sure if hackers or other nefarious cyber individuals are taking a 90-day break

Amen to that-- cybersecurity measures need to be a tier 1 priority, just like making sure equipment is still operational to get to customers even during a crisis. Not only will those bad actors not take a 90-day break, but surely they smell opportunity when things are tough for the utilities and resources are stretched

James Moralez, P.E.'s picture
James Moralez, P.E. on May 4, 2020

Matt, Thank you for responding. Security should never be treated solely as a compliance task. Compliance does not equal security, yet I see so many utilities preferring to just check the box. James

Richard Brooks's picture
Richard Brooks on May 5, 2020

Thanks, James. I've witnessed the same response regarding compliance vs security. Sure, a compliance violation might cost a company a few thousand dollars, but a security breach can cost millions and, in the worst case, destroy a company. They are worried about the pennies and don't seem to pay nearly as much attention to the dollars that are at risk. Pain is a very effective educator, for those unfortunate enough to become a student. Just ask Maersk about their $300 million dollar ransomeware hit.

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »