|By Business Wire||
|May 5, 2014 11:30 AM EDT||
When the North American Electric Reliability Corporation (NERC) signed Order 791 in January 2014, more than 400 utilities suddenly faced a tight timetable to plan for and comply with version 5 of the Critical Infrastructure Protection (CIP) cybersecurity standards.
The reason for the change is clear and timely: A report from the Department of Homeland Security’s Cyber Emergency Response Team disclosed that the energy industry faced more cyberattacks between October 2012 and May 2013 than any other sector.
Booz Allen understands that for utilities to achieve compliance, it takes a specialized strategy. Before utility organizations embark on addressing the new regulations, Booz Allen offers the following best practices for information security executives to consider on their journey to NERC-CIP version 5 compliance:
|1.||Conduct a cybersecurity strategic simulation that will enable a utility to identify security gaps, prioritize assets, and identify areas for improvement – without the consequences of an actual cybersecurity incident or an audit. The controlled environment of a simulation allows participants to safely explore real-world situations, resulting in improved communication, coordination and the identification of any gaps in existing response plans.|
|2.||Develop a strategic plan that positions the utility to manage future threats as well as standards. Implementing best practices from the start can serve as a footprint for success, allowing utilities to leverage existing investments in people, processes and technology that ultimately prevent them from overspending.|
|3.||Pursue a knowledge management system that will ensure business continuity for today and the future. The aging workforce presents a major industry challenge: an exodus of institutional and technological “know how” that could hamper a company’s ability to continue its mission effectively. It is important to establish a team that understands the regulatory environment, threats, and overall enterprise.|
|4.||Implement an internal program to address employee cyber “hygiene” and the potential for insider threats. Ultimately, all staff within an organization can pose as a cyber threat – either accidental or intentional. These challenges can no longer be the sole responsibility of IT. Utilities should communicate to all employees the significance of being cyber risk aware, and knowing what to do when a concern arises.|
|5.||Acknowledge and understand the difference between compliance and security. Keeping up with standards will help utilities avoid legal exposure, fines, and the like. But that does not necessarily make a utility company more secure – there is no silver bullet formula for security. Rather, cybersecurity is intimately tied to a utility’s business strategy and operations, and must be customized to the organization.|
“Utilities will continue to face the challenge of balancing strong cyber risk management and constantly evolving regulation,” said David Cronin, principal, Booz Allen Hamilton. “Going from NERC-CIP version 3 to the version 5 requires a partner that knows not only the rules, but just as an importantly, has deep industry experience to recognize the diverse needs of utility companies – all while minimizing cost and leveraging existing investments, where possible,” Cronin added.
About Booz Allen Hamilton
Booz Allen Hamilton has been at the forefront of strategy and technology consulting for 100 years. Today, the firm provides business and technology solutions to major corporations in the financial services, heath, and energy markets, leveraging capabilities and expertise developed over decades of helping US government clients in the defense, intelligence, and civil markets solve their toughest problems. Booz Allen is headquartered in McLean, Virginia, employs approximately 23,000 people, and had revenue of $5.76 billion for the 12 months ended March 31, 2013. In 2014, Booz Allen celebrates its 100th anniversary year. To learn more, visit www.boozallen.com. (NYSE: BAH)
Any Ops team trying to support a company in today’s cloud-connected world knows that a new way of thinking is required – one just as dramatic than the shift from Ops to DevOps. The diversity of modern operations requires teams to focus their impact on breadth vs. depth. In his session at DevOps Summit, Adam Serediuk, Director of Operations at xMatters, Inc., will discuss the strategic requirements of evolving from Ops to DevOps, and why modern Operations has begun leveraging the “NoOps” approa...
Aug. 30, 2015 06:45 PM EDT Reads: 361
While many app developers are comfortable building apps for the smartphone, there is a whole new world out there. In his session at @ThingsExpo, Narayan Sainaney, Co-founder and CTO of Mojio, will discuss how the business case for connected car apps is growing and, with open platform companies having already done the heavy lifting, there really is no barrier to entry.
Aug. 30, 2015 05:00 PM EDT Reads: 126
SYS-CON Events announced today that G2G3 will exhibit at SYS-CON's @DevOpsSummit Silicon Valley, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Based on a collective appreciation for user experience, design, and technology, G2G3 is uniquely qualified and motivated to redefine how organizations and people engage in an increasingly digital world.
Aug. 30, 2015 05:00 PM EDT Reads: 456
As more intelligent IoT applications shift into gear, they’re merging into the ever-increasing traffic flow of the Internet. It won’t be long before we experience bottlenecks, as IoT traffic peaks during rush hours. Organizations that are unprepared will find themselves by the side of the road unable to cross back into the fast lane. As billions of new devices begin to communicate and exchange data – will your infrastructure be scalable enough to handle this new interconnected world?
Aug. 30, 2015 04:00 PM EDT Reads: 146
SYS-CON Events announced today that Micron Technology, Inc., a global leader in advanced semiconductor systems, will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Micron’s broad portfolio of high-performance memory technologies – including DRAM, NAND and NOR Flash – is the basis for solid state drives, modules, multichip packages and other system solutions. Backed by more than 35 years of tech...
Aug. 30, 2015 01:30 PM EDT Reads: 214
This Enterprise Strategy Group lab validation report of the NEC Express5800/R320 server with Intel® Xeon® processor presents the benefits of 99.999% uptime NEC fault-tolerant servers that lower overall virtualized server total cost of ownership. This report also includes survey data on the significant costs associated with system outages impacting enterprise and web applications. Click Here to Download Report Now!
Aug. 30, 2015 01:30 PM EDT Reads: 181
SYS-CON Events announced today that Pythian, a global IT services company specializing in helping companies leverage disruptive technologies to optimize revenue-generating systems, has been named “Bronze Sponsor” of SYS-CON's 17th Cloud Expo, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Founded in 1997, Pythian is a global IT services company that helps companies compete by adopting disruptive technologies such as cloud, Big Data, advance...
Aug. 30, 2015 01:00 PM EDT Reads: 276
SYS-CON Events announced today the Containers & Microservices Bootcamp, being held November 3-4, 2015, in conjunction with 17th Cloud Expo, @ThingsExpo, and @DevOpsSummit at the Santa Clara Convention Center in Santa Clara, CA. This is your chance to get started with the latest technology in the industry. Combined with real-world scenarios and use cases, the Containers and Microservices Bootcamp, led by Janakiram MSV, a Microsoft Regional Director, will include presentations as well as hands-on...
Aug. 30, 2015 12:00 PM EDT Reads: 263
Cloud and datacenter migration innovator AppZero has joined the Microsoft Enterprise Cloud Alliance Program. AppZero is a fast, flexible way to move Windows Server applications from any source machine – physical or virtual – to any destination server, in any cloud or datacenter, using its patented container technology. AppZero’s container is also called a Virtual Application Appliance (VAA). To facilitate Microsoft Azure onboarding, AppZero has two purpose-built offerings: AppZero SP for Azure,...
Aug. 30, 2015 11:00 AM EDT Reads: 169
Organizations from small to large are increasingly adopting cloud solutions to deliver essential business services at a much lower cost. According to cyber security experts, the frequency and severity of cyber-attacks are on the rise, causing alarm to businesses and customers across a variety of industries. To defend against exploits like these, a company must adopt a comprehensive security defense strategy that is designed for their business. In 2015, organizations such as United Airlines, Sony...
Aug. 30, 2015 10:30 AM EDT Reads: 431
SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.
Aug. 30, 2015 10:30 AM EDT Reads: 870
Consumer IoT applications provide data about the user that just doesn’t exist in traditional PC or mobile web applications. This rich data, or “context,” enables the highly personalized consumer experiences that characterize many consumer IoT apps. This same data is also providing brands with unprecedented insight into how their connected products are being used, while, at the same time, powering highly targeted engagement and marketing opportunities. In his session at @ThingsExpo, Nathan Trel...
Aug. 30, 2015 10:15 AM EDT Reads: 220
Red Hat is investing in Tesora, the number one contributor to OpenStack Trove Database as a Service (DBaaS) also ranked among the top 20 companies contributing to OpenStack overall. Tesora, the company bringing OpenStack Trove Database as a Service (DBaaS) to the enterprise, has announced that Red Hat and others have invested in the company as a part of Tesora's latest funding round. The funding agreement expands on the ongoing collaboration between Tesora and Red Hat, which dates back to Febr...
Aug. 30, 2015 10:00 AM EDT Reads: 336
IBM’s Blue Box Cloud, powered by OpenStack, is now available in any of IBM’s globally integrated cloud data centers running SoftLayer infrastructure. Less than 90 days after its acquisition of Blue Box, IBM has integrated its Blue Box Cloud Dedicated private-cloud-as-a-service into its broader portfolio of OpenStack® based solutions. The announcement, made today at the OpenStack Silicon Valley event, further highlights IBM’s continued support to deliver OpenStack solutions across all cloud depl...
Aug. 30, 2015 10:00 AM EDT Reads: 225
Everyone talks about continuous integration and continuous delivery but those are just two ends of the pipeline. In the middle of DevOps is continuous testing (CT), and many organizations are struggling to implement continuous testing effectively. After all, without continuous testing there is no delivery. And Lab-As-A-Service (LaaS) enhances the CT with dynamic on-demand self-serve test topologies. CT together with LAAS make a powerful combination that perfectly serves complex software developm...
Aug. 30, 2015 09:45 AM EDT Reads: 189