Thursday, July 18, 2013

To Secure Your State Grid, First Know Your Public Utility Commission (UPDATED)

19 July 2013 UPDATE: Significant clarification just in from Terry Jarrett, Commissioner of Missouri's Public Service Commission and Chairman of the Committee on Critical Infrastructure at NARUC:
Actually, the NARUC Critical Infrastructure Committee's main focus has been cyber security for the past two years that I have been chairman. Last fall at our annual meeting, incoming NARUC president Phil Jones declared cyber security to be one of the themes of his presidency. To say that cyber will be given more attention in Denver than in the past simply is not factual. 
Thank you, Terry. I'll leave the original post below intact so you can see to what Terry was referring, but please keep his clarification in mind as you do.  ab

-- -- -- -- --

The Advanced Energy Economy Institute (AEE) has a great new site for helping you navigate your way around any of the 50 US states' energy landscapes, including commission leadership, energy portfolio mix, legislation and more. One topic you won't read much about, however, at least not without doing some substantial digging, is cyber security preparedness.

As readers of the SGSB may recall, we've done shout-outs to California and Texas, both states having cyber security-knowledgeable professionals on their Public Utility Commission (PUC) staff, and there are a couple of other states now similarly equipped. Many other states, however, haven't yet made a modest level of cyber security capability a requirement.

From the Business Roundtable (BRT) issuing guidance earlier this year on how organizations should better organize themselves to meet the rising cyber security risks they face, to a recent report drawn from mega-insurer Lloyd's of London's survey of CEOs and boards of directors at the world's top companies showing they now consider cyber security among the top three risks facing their companies, you could say it's well past time for all organizations, and particularly those with public authority and responsibility like state utility commissions, to ensure they are well informed.

Lastly, you should note that the national body representing the interests of state commissions in Washington, NARUC, has demonstrated excellent leadership producing not just one, but two versions of practical cyber security guidance for commissions in the past year. NARUC will be holding its annual summer meetings in Denver next week and I understand cyber security is going to be given much more attention than it's received in the past.  Hmm, maybe this is a good chance to jump-start your commission's cyber security program ....


URLs referenced:

AEE
http://pucportal.aee.net/

CPUC
http://www.cpuc.ca.gov/NR/rdonlyres/D77BA276-E88A-4C82-AFD2-FC3D3C76A9FC/0/TheEvolvingRoleofStateRegulationinCybersecurity9252012FINAL.pdf

Business Roundtable
http://businessroundtable.org/uploads/studies-reports/downloads/Final_More_Intelligent_More_Effective.pdf

Lloyd's of London
http://www.lloyds.com/news-and-insight/risk-insight/lloyds-risk-index

NARUC Guidance
http://www.naruc.org/grants/Documents/NARUC%20Cybersecurity%20Primer%202.0.pdf

NARUC Summer Meeting
http://summer.narucmeetings.org/

1 comment:

Bill Shields said...

Would it be smarter for me to just hire someone for my cyber security? Or do most tricks that I could learn just from random people in Calgary work?