SGIP issues recommendations on utility cybersecurity projects


The smart grid industry consortium focusing on grid modernisation highlights the need for the utilities’ objectives to concentrate on IT and OT.

The organisation states that utility companies should be very clear about their objectives when deploying the programmes, as well as about what they expect from the projects.

The objectives the SGIP lists include utilities' efforts to identify their security gaps, to plan to implement measures to curb cyber attacks, and to ensure grid security and reliability.

Barriers to successful cybersecurity deployments

According to the SGIP, the challenges utilities face in deploying the technologies include the existence of varied cybersecurity terminology, which causes huge confusion amongst utilities when describing and sharing cybersecurity terminology and risk.

The SGIP also finds power companies facing a huge burden in implementing self-assessment initiatives.

“There are many resources [for implementation], just no silver bullet. The frameworks define requirements to improve cybersecurity. To actually implement and deploy cybersecurity improvements, it is still necessary to go through design, test and implementation phases,” commented a member of the SGIP.

The SGIP adds that for the rollout of the technologies, utilities need to create a current security profile, conduct a risk assessment, create a target profile, determine gaps and implement an action plan.

Cybersecurity frameworks

However, most importantly, utilities should determine the framework model or combination of models they want to use for the deployment of the programmes.

To help utility companies address some of the key challenges faced in the rollout of anti-cyber-attack projects, the SGIP drafted some recommendations in the form of a whitepaper.

The paper, Implementing Cybersecurity Frameworks, presents the lessons learnt by SGIP utility members in using the frameworks developed by the US National Institute of Technology and Standards (NIST) and the Department of Energy.

NIST developed its standards in 2014, which provide companies with a risk-based approach on how to secure their grids.

The framework was developed in conjunction with the International Standardisation Organisation and is said to provide utilities with a common language for internal and external communication of security issues.

In 2012, the Department of Energy also released its Electric Subsector Cybersecurity Capability Maturity Model, helping firms to plan for, implement and manage the programmes.

