1 / 12

Cybersecurity: Resources for Public Utility Commissions

Cybersecurity: Resources for Public Utility Commissions. Lynn P. Costantini, DSc, CISSP Deputy Director Center for Partnership and Innovation. Foundational Resources. Risk Management for Critical Infrastructure Protection: An Introduction for State Utility Regulators

adoug
Download Presentation

Cybersecurity: Resources for Public Utility Commissions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cybersecurity: Resources for Public Utility Commissions Lynn P. Costantini, DSc, CISSP Deputy Director Center for Partnership and Innovation

  2. Foundational Resources Risk Management for Critical Infrastructure Protection: An Introduction for State Utility Regulators Cybersecurity Primer for State Utility Regulators Version 3.0 A Comparative View of Cybersecurity Approaches in the Natural Gas and Electric Sectors- Natural Gas Utility Perspective (webinar)

  3. Cyber Manual Project Purpose: Toolkit that supports meaningful engagement between state regulators and utilities on the topic of cybersecurity. Applicability: All state utility commissions All utility sectors Format: 6 complementary components

  4. Cyber Manual Components • U.S. Cybersecurity Strategy Development Guide • Status of Cybersecurity Strategies at Public Utility Commissions • Glossary of Cybersecurity Terms • Cybersecurity Questions for Regulators to Ask Utilities • Cybersecurity Performance Evaluation Tool (CPET) • State Tabletop Exercises for Cybersecurity

  5. Development Process • Drafting Team • Cyber Manual Working Group, Consultants, and Subject Matter Experts • Iterative review process • Internal • External • DOE

  6. U.S. Cybersecurity Strategy Development Guide Developed in partnership with Cadmus Group LLC, this document is designed to help state commissions create their own cybersecurity strategies. Offers guidance on how to develop objectives, strategic goals, and communications plans for a wider, commission-specific cybersecurity strategy. Available for download now.

  7. Status of State PUC Cybersecurity Strategies Companion to Strategy Development Guide. Provides a point in time view of the current level of PUC/utility engagement across the nation. Based on a survey sent out by NARUC’s Staff Subcommittee on Critical Infrastructure.

  8. Glossary of Cybersecurity Terms A comprehensive glossary of the cybersecurity terms used in the Cyber Manual. Includes additional cybersecurity “terms of art” Intended as a living document; suggestions welcome!

  9. Cybersecurity Questions to Ask Utilities • Designed to help PUCs understand the current state of cybersecurity planning and practice at utilities in their jurisdictions. • Series of structured questions covering 5 cyber risk management domains • Identify • Protect • Detect • Respond • Recover • Builds on NARUC’s Cyber Security Primer for State Utility Regulators Version 3.0.

  10. Cybersecurity Performance Evaluation Tool • A “maturity model” for PUCs • Allows PUCs to evaluate the maturity of utilities’ cybersecurity programs and track improvements year over year. • Measured against standards and best practices (NERC CIP, NIST, ISO) • Companion to Cybersecurity Questions component. • Developed in collaboration with Cadmus Group, LLC.

  11. State Tabletop Exercises for Cybersecurity “How to” guide with resources and examples for how regulators can formulate and implement effective cybersecurity tabletop exercises in their own states with key partners. Available February 2019

  12. Support Resources Regional cybersecurity training for PUC commissioners and staff Cyber Manual Tool Kit training Critical Infrastructure Resource Repository (members only web site)

More Related