The energy and utility organizations are facing new cyber security requirements based on NERC-CIP (North American Reliability Corporation Critical Infrastructure Protection). Historically the requirement was focused on ensuring uptime of services, and on the physical and cyber security centers looking for activity that would impact such service. While it is still focused on services, it is now focusing on customer data and the operational control networks.
While the larger utilities have that ability to operate a 24 x7 SOC, the updated compliance regulation applies to all organizations including co-ops, independent power producers and smaller service providers.
The challenges faced are numerous particularly for the smaller organizations, as they may have limited IT staff and limited budgets. The operation must be up and running 24/7/36. The good news for this industry is E-ISAC Electricity Information Sharing and Analysis Center, which is the primary security communications channel for this industry. It’s purpose is to enable organization respond to cyber and physical threats, which could impact the system.
While E-ISAC provides guidance, it is essential that organizations realize the threats that can potentially disrupt service, Symtrex can assist by reviewing the current security posture, identifying potential issues, and provide guidance and recommendations.
Should you wish to receive a consultation feel free to contact us.