We can thank the DOE, NRECA, and DC-based software security firm Cigital (and in particular, Cigital's Evgeny Lebanidz) for the impressive and thorough Guide to Developing a Cyber Security and Risk Mitigation Plan, released recently.
What's NRECA? Hmm, if you don't know that acronym, you must be some kind of big urban utility city slicker. So for your information, it's the National Rural Electric Cooperative Association, roughly 900 smaller utilities that make sure electricity gets not just from point A to point B, but all the way to points X, Y, and Z.
What I like best about this guide is that it has almost nothing to do with compliance, and therefore helps orgs focus on the policies and practices outlined in NISTIR 7628. Speaking of which, at almost 600 pages, 7628 is just too big a beast for most utility security practitioners (or anyone else, for that matter) to digest. While the community waits for implementation guides from NIST that should make 7628 more practical, the just-released NRECA Guide breaks it down into actionable, prioritized parts, beginning with a quick start guide.
Actually, even before that, it reveals its scope and intent:
This document is intended to help cooperatives develop a cyber-security plan for general business purposes, not to address any specific current or potential regulations. Its foundation is the ... NISTIR 7628, which is a survey of standards and related security considerations for the smart grid .... real security requires more than simply compliance with rules – the organization must embrace security as a basic requirement of business operations and develop a broad understanding of security.

Often hungry if not starved for resources and guidance, co-ops need all the help they can get. With the arrival of the NRECA guide, they can begin down a well-marked path towards better cyber security and risk mitigation planning in the age of the Smart Grid.
Photo credit: Gloucester on Flickr.com