|By Business Wire||
|May 5, 2014 11:30 AM EDT||
When the North American Electric Reliability Corporation (NERC) signed Order 791 in January 2014, more than 400 utilities suddenly faced a tight timetable to plan for and comply with version 5 of the Critical Infrastructure Protection (CIP) cybersecurity standards.
The reason for the change is clear and timely: A report from the Department of Homeland Security’s Cyber Emergency Response Team disclosed that the energy industry faced more cyberattacks between October 2012 and May 2013 than any other sector.
Booz Allen understands that for utilities to achieve compliance, it takes a specialized strategy. Before utility organizations embark on addressing the new regulations, Booz Allen offers the following best practices for information security executives to consider on their journey to NERC-CIP version 5 compliance:
|1.||Conduct a cybersecurity strategic simulation that will enable a utility to identify security gaps, prioritize assets, and identify areas for improvement – without the consequences of an actual cybersecurity incident or an audit. The controlled environment of a simulation allows participants to safely explore real-world situations, resulting in improved communication, coordination and the identification of any gaps in existing response plans.|
|2.||Develop a strategic plan that positions the utility to manage future threats as well as standards. Implementing best practices from the start can serve as a footprint for success, allowing utilities to leverage existing investments in people, processes and technology that ultimately prevent them from overspending.|
|3.||Pursue a knowledge management system that will ensure business continuity for today and the future. The aging workforce presents a major industry challenge: an exodus of institutional and technological “know how” that could hamper a company’s ability to continue its mission effectively. It is important to establish a team that understands the regulatory environment, threats, and overall enterprise.|
|4.||Implement an internal program to address employee cyber “hygiene” and the potential for insider threats. Ultimately, all staff within an organization can pose as a cyber threat – either accidental or intentional. These challenges can no longer be the sole responsibility of IT. Utilities should communicate to all employees the significance of being cyber risk aware, and knowing what to do when a concern arises.|
|5.||Acknowledge and understand the difference between compliance and security. Keeping up with standards will help utilities avoid legal exposure, fines, and the like. But that does not necessarily make a utility company more secure – there is no silver bullet formula for security. Rather, cybersecurity is intimately tied to a utility’s business strategy and operations, and must be customized to the organization.|
“Utilities will continue to face the challenge of balancing strong cyber risk management and constantly evolving regulation,” said David Cronin, principal, Booz Allen Hamilton. “Going from NERC-CIP version 3 to the version 5 requires a partner that knows not only the rules, but just as an importantly, has deep industry experience to recognize the diverse needs of utility companies – all while minimizing cost and leveraging existing investments, where possible,” Cronin added.
About Booz Allen Hamilton
Booz Allen Hamilton has been at the forefront of strategy and technology consulting for 100 years. Today, the firm provides business and technology solutions to major corporations in the financial services, heath, and energy markets, leveraging capabilities and expertise developed over decades of helping US government clients in the defense, intelligence, and civil markets solve their toughest problems. Booz Allen is headquartered in McLean, Virginia, employs approximately 23,000 people, and had revenue of $5.76 billion for the 12 months ended March 31, 2013. In 2014, Booz Allen celebrates its 100th anniversary year. To learn more, visit www.boozallen.com. (NYSE: BAH)
The web app is agile. The REST API is agile. The testing and planning are agile. But alas, data infrastructures certainly are not. Once an application matures, changing the shape or indexing scheme of data often forces at best a top down planning exercise and at worst includes schema changes that force downtime. The time has come for a new approach that fundamentally advances the agility of distributed data infrastructures. Come learn about a new solution to the problems faced by software organ...
Oct. 9, 2015 08:00 PM EDT Reads: 924
The buzz continues for cloud, data analytics and the Internet of Things (IoT) and their collective impact across all industries. But a new conversation is emerging - how do companies use industry disruption and technology enablers to lead in markets undergoing change, uncertainty and ambiguity? Organizations of all sizes need to evolve and transform, often under massive pressure, as industry lines blur and merge and traditional business models are assaulted and turned upside down. In this new da...
Oct. 9, 2015 08:00 PM EDT Reads: 310
Too often with compelling new technologies market participants become overly enamored with that attractiveness of the technology and neglect underlying business drivers. This tendency, what some call the “newest shiny object syndrome,” is understandable given that virtually all of us are heavily engaged in technology. But it is also mistaken. Without concrete business cases driving its deployment, IoT, like many other technologies before it, will fade into obscurity.
Oct. 9, 2015 07:45 PM EDT Reads: 152
As a CIO, are your direct reports IT managers or are they IT leaders? The hard truth is that many IT managers have risen through the ranks based on their technical skills, not their leadership ability. Many are unable to effectively engage and inspire, creating forward momentum in the direction of desired change. Renowned for its approach to leadership and emphasis on their people, organizations increasingly look to our military for insight into these challenges.
Oct. 9, 2015 07:45 PM EDT Reads: 166
Today air travel is a minefield of delays, hassles and customer disappointment. Airlines struggle to revitalize the experience. GE and M2Mi will demonstrate practical examples of how IoT solutions are helping airlines bring back personalization, reduce trip time and improve reliability. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Dr. Sarah Cooper, M2Mi's VP Business Development and Engineering, will explore the IoT cloud-based platform technologies driv...
Oct. 9, 2015 07:30 PM EDT Reads: 121
There are many considerations when moving applications from on-premise to cloud. It is critical to understand the benefits and also challenges of this migration. A successful migration will result in lower Total Cost of Ownership, yet offer the same or higher level of robustness. Migration to cloud shifts computing resources from your data center, which can yield significant advantages provided that the cloud vendor an offer enterprise-grade quality for your application.
Oct. 9, 2015 07:30 PM EDT Reads: 303
Achim Weiss is Chief Executive Officer and co-founder of ProfitBricks. In 1995, he broke off his studies to co-found the web hosting company "Schlund+Partner." The company "Schlund+Partner" later became the 1&1 web hosting product line. From 1995 to 2008, he was the technical director for several important projects: the largest web hosting platform in the world, the second largest DSL platform, a video on-demand delivery network, the largest eMail backend in Europe, and a universal billing syste...
Oct. 9, 2015 06:45 PM EDT Reads: 212
Electric power utilities face relentless pressure on their financial performance, and reducing distribution grid losses is one of the last untapped opportunities to meet their business goals. Combining IoT-enabled sensors and cloud-based data analytics, utilities now are able to find, quantify and reduce losses faster – and with a smaller IT footprint. Solutions exist using Internet-enabled sensors deployed temporarily at strategic locations within the distribution grid to measure actual line lo...
Oct. 9, 2015 06:30 PM EDT Reads: 102
Containers have changed the mind of IT in DevOps. They enable developers to work with dev, test, stage and production environments identically. Containers provide the right abstraction for microservices and many cloud platforms have integrated them into deployment pipelines. DevOps and Containers together help companies to achieve their business goals faster and more effectively.
Oct. 9, 2015 06:15 PM EDT Reads: 193
Cloud computing delivers on-demand resources that provide businesses with flexibility and cost-savings. The challenge in moving workloads to the cloud has been the cost and complexity of ensuring the initial and ongoing security and regulatory (PCI, HIPAA, FFIEC) compliance across private and public clouds. Manual security compliance is slow, prone to human error, and represents over 50% of the cost of managing cloud applications. Determining how to automate cloud security compliance is critical...
Oct. 9, 2015 06:00 PM EDT Reads: 323
The Internet of Everything is re-shaping technology trends–moving away from “request/response” architecture to an “always-on” Streaming Web where data is in constant motion and secure, reliable communication is an absolute necessity. As more and more THINGS go online, the challenges that developers will need to address will only increase exponentially. In his session at @ThingsExpo, Todd Greene, Founder & CEO of PubNub, will explore the current state of IoT connectivity and review key trends an...
Oct. 9, 2015 05:30 PM EDT Reads: 107
The Internet of Things (IoT) is growing rapidly by extending current technologies, products and networks. By 2020, Cisco estimates there will be 50 billion connected devices. Gartner has forecast revenues of over $300 billion, just to IoT suppliers. Now is the time to figure out how you’ll make money – not just create innovative products. With hundreds of new products and companies jumping into the IoT fray every month, there’s no shortage of innovation. Despite this, McKinsey/VisionMobile data...
Oct. 9, 2015 04:00 PM EDT Reads: 242
Chris Van Tuin, Chief Technologist for the Western US at Red Hat, has over 20 years of experience in IT and Software. Since joining Red Hat in 2005, he has been architecting solutions for strategic customers and partners with a focus on emerging technologies including IaaS, PaaS, and DevOps. He started his career at Intel in IT and Managed Hosting followed by leadership roles in services and sales engineering at Loudcloud and Linux startups.
Oct. 9, 2015 04:00 PM EDT Reads: 225
You have your devices and your data, but what about the rest of your Internet of Things story? Two popular classes of technologies that nicely handle the Big Data analytics for Internet of Things are Apache Hadoop and NoSQL. Hadoop is designed for parallelizing analytical work across many servers and is ideal for the massive data volumes you create with IoT devices. NoSQL databases such as Apache HBase are ideal for storing and retrieving IoT data as “time series data.”
Oct. 9, 2015 03:45 PM EDT Reads: 510
The IoT market is on track to hit $7.1 trillion in 2020. The reality is that only a handful of companies are ready for this massive demand. There are a lot of barriers, paint points, traps, and hidden roadblocks. How can we deal with these issues and challenges? The paradigm has changed. Old-style ad-hoc trial-and-error ways will certainly lead you to the dead end. What is mandatory is an overarching and adaptive approach to effectively handle the rapid changes and exponential growth.
Oct. 9, 2015 03:00 PM EDT Reads: 211