Utilities are taking actions to mitigate and manage cybersecurity threats.
As Cybersecurity Director for the Edison Electric Institute (EEI), a DC-based industry advocacy firm that represents the interests of the vast majority of investor owned utilities in the US, Batz is emminently credible as he spends just about every waking hour working with utilities, various Federal and state regulators, and the companies that serve the sector.
At a recent conference in Arlington, VA Batz shared some observations on the state of electric sector cybersecurity preparedness that I liked. Here's one:
In today’s world, cyber attacks and cyber hacking have become monetized and different ventures are using cyber attacks as a ways to generate income .... This poses a problem for law-abiding citizenry and creates a problem for the electric sector.
And also this on the prospect of Smart Grid technology having some potential for positive security outcomes:
There are opportunities to enhance the visibility by the utility into the operational state, particularly for the distribution network, to be able to say, there is an outage at this location and very quickly respond to the outage.For its members, EEI has recently launched a "Threat Scenario Project" which identifies major threats and recommends mitigation approaches for each. Its motivation and origin:
To continue an engagement between the CEO, the CFO, the chief security officer [and] the chief information officer to say where are we doing well, where are we doing less well [and] what makes sense in terms of resource allocation.
That puts EEI in familiar SGSB territory, for in order to assess performance on cybersecurity (or any other) objectives from a business perspective, you have to know a few things, with some precision, like:
- Where you are now
- Where you want/need to be
- What the gaps are between the baseline and roadmap milestones
- What you need to do, as an organization, to fill those gaps, and get to the next level