Disaster-Resource.com

New Cybersecurity Specs Target Power Grid

Energy companies will soon be required to identify and document risks and vulnerabilities, and establish controls to secure critical assets from attack now that the Federal Electric Regulatory Commission (FERC) has passed new cybersecurity standards.

In an article on the EE Times website, Sheila Riley says the new rules also mandate that energy companies report any security incidents and create recovery plans. The North American Electric Reliability Corp. (NERC) proposed the standards.

“They’re the most comprehensive operations technology governance for the industry that’s available,” Bradley Williams, an analyst with Gartner, told Riley. “This is good for the industry. We have seen that the operations technologies have not kept up with the governance required around these complex IT systems.”

But the new rules mean utilities will have to come up with plenty of cash, Riley says. Among the investments energy companies will have to make are backup recovery systems, test environments, monitoring and compliance.

The new standards, which require compliance by 2010, will become mandatory in March. They require policies, plans, and procedures in eight areas, including:

  • Critical cyber asset identification
  • Security management controls
  • Personnel and training
  • Electronic security perimeters
  • Physical security of critical cyber assets
  • Systems security management
  • Incident reporting and response planning

To read the full article, click here: http://www.eetimes.com/news/latest/showArticle.jhtml?articleID=205918880