January 1, 2012

Power Grid Cyber Security Strategies


Despite the uncertainty about utility cyber security regulations, there are steps that electric utilities, owners and operators of generation and transmission facilities, and industrials with on-site generation can take now to promote greater security for their facilities. Here are 10 strategies that compliance officers and regulatory affairs personnel can implement today to combat cyber threats that may compromise physical electrical infrastructure. (This is by no means a comprehensive list.) Beyond the minimum required by law, a security culture helps establish an environment in which compliance with any new requirements that are ultimately adopted can be successfully implemented, ensuring a secure and resilient infrastructure.


Strategy 1: Get Upper Management on Board

Any compliance strategy must start at the top. A fully informed, supportive, and actively engaged upper management is critical to a successful cyber security compliance program. The key personnel involved in cyber security should explain to upper management the need for internal, proactive efforts to mitigate the risk of cyber attack and its potential impact on physical infrastructure, including actions not strictly required by law but nonetheless useful in protecting against cyber attack. Upper management sets the tone for the organization and, by visibly making cyber security a priority, can help ensure that all employees are vigilant and perform the roles that support a secure infrastructure.


Strategy 2: Designate a Chief Security Officer

In any effective compliance program, a strong and capable leader must take the reins. A chief security officer position should be created, and the duties, responsibilities, and objectives of the position should be clearly specified. Whether a company creates a new, stand-alone position or integrates the chief security officer role within an existing position will depend on the business structure and unique characteristics of the company (for example, a smaller organization may not be able to devote resources to a stand-alone position). Importantly, the chief security officer must be someone who possesses the necessary clout to get things done. Without such an individual, a company risks implementing a cyber security compliance program that lacks teeth and fails to effectively combat cyber threats.

© Access Intelligence, 2012