According to the SGIP, the whitepaper ‘NIST Cybersecurity Framework Implementation Case Study’ aims to help utility firms implement the cybersecurity framework developed by the National Institute of Standards and Technology (NIST).
The SGIP says the whitepaper is drafted to help energy providers to integrate the NIST cybersecurity framework with the Department of Energy’s Cybersecurity Maturity Model to implement an effective and sustainable cybersecurity risk management programme.
The SGIP claims that the paper falls under its efforts to help in the modernisation of grid networks to enable a sustainable energy future.
The whitepaper comprises nine recommendations which utility firms can follow in deploying cybersecurity programmes.
According to the SGIP, utility companies should:
In steps one and two, the SGIP recommends that utilities identify their business functional areas and sponsors for the implementation of cybersecurity programmes using the NIST and DoE’s frameworks.
The two steps would also allow energy companies to establish their cybersecurity risk management strategy and would include:
In step 4, a utility will conduct a risk assessment that will identify the security posture for each business function by identifying, locating and classifying digital assets based on the potential harm to the organisation should the assets and data become compromised.
The SGIP recommends that executive management be briefed on a utility’s cybersecurity state through a dashboard on at least an annual basis.
The briefing should include highlights on areas of greatest and lowest maturity, drivers behind changes since previous briefings and clarifications on the company’s cybersecurity and operational targets.
In creating an action plan, the SGIP concludes that utility firms need to: