NERC to begin cyber risk preparedness assessment


Rick Sergel,
President & CEO,
Princeton, NJ, U.S.A. — (METERING.COM) — June 22, 2009 – The North American Electric Reliability Corporation (NERC) is shortly to coordinate an industry-led voluntary assessment focusing on the detection, response, and mitigation capabilities for cyber incidents.

The assessment will look beyond NERC’s current cyber security standards for practices, procedures, and technologies that contribute to cyber preparedness across the industry. Generalized, aggregated results from the assessment will be used to inform standards development activities, alert the industry to potential areas of concern, and identify areas where research and development investment is needed.

For security reasons, specific results of the assessment will remain confidential, a key condition of participation in the program.

This is one of a number of cyber security programs that NERC is involved in, the organization says in a statement.

NERC’s revised eight cyber security standards have been filed for regulatory approval in the United States and are already mandatory and enforceable in parts of Canada. Work on phase two revisions continues, with initial industry validation on track for the fourth quarter of 2009. The organization continues to evaluate compliance with the existing standards, with compliance audits scheduled to begin for priority facilities on an initial set of 13 requirements on July 1, 2009.

NERC’s next generation secure alerting portal has begun beta testing in preparation for formal launch in the July-August timeframe. This new portal will facilitate NERC’s alerts process, whereby the organization is able to notify nearly 5,000 industry personnel at utilities, grid operations centers, power plants, and transmission facilities of emerging vulnerabilities as they arise. For priority issues, NERC is able to require entities to acknowledge receipt of an alert and report to NERC on the status of efforts to address the issue.

NERC is also finalizing plans to conduct a series of educational events designed to assist power companies in complying with its cyber security standards. The sessions will also promote a better understanding of the effects cyber risks and vulnerabilities may have on current planning and operational practices. Scheduled to begin with a series of online webinars, the initiative will also include secured and classified industry briefings coordinated with the U.S. and Canadian governments.

“Cyber security and critical infrastructure protection continue to be a top priority for our organization as we work to ensure the reliability of the bulk power system in North America,” commented NERC President and CEO Rick Sergel. “The electric industry has supported our organization every step of the way.”