The North American Electric Reliability Council's new cybersecurity standards for critical infrastructure protection have eight categories, which apply utility risk management analyses to networked systems. A thumbnail description of the main areas:
- Critical cyberassets
- Security Management Controls
- Personnel and training
- Electronic security
- Physical security
- Systems Security Management
- Incident Reporting and Response Planning
- Recovery plan

You can bet that the drafting team has pulled its language from many of the standards that have already been in practice for years. In fact, most of the launch point for this effort came from work done soon after 9/11. How soon other industry sectors decide to adopt this framework will likely be decided by the lobby shops. Politics aside, the electric utility sector has moved into a phase of self-regulation, and for good reason.
The huge blackout of Aug. 14, 2003, in which a software glitch at a single electrical provider in Ohio cascaded into an event in which 50 million people in North America lost power, underscored the importance of the reliability standards discussion. But Miserendino says that the group's biggest motivator was the threat that FERC might come in and do the regulating for it. In part, he says, that's because the 2005 Energy Act made FERC responsible for electrical transmission reliability and gave the federal agency the ability to fine utilities for noncompliance.

We can only hope that other critical infrastructure sectors take the same initiative sooner rather than later. As private enterprises, you can do it your way now or face the government's perspective later.
operational risk