To assist utilities with assessing and responding to cyber risks, the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) recently issued a report on best practices to respond to and recover from cybersecurity incidents in the utility industry.
Like other industries, the utility industry is at high risk for cyber-attacks by bad actors or nation states. Following the cyber-attack against a pipeline earlier this year, [view related post], FERC and NERC issued the guidance based upon the National Institute of Standards and Technology (NIST) cybersecurity incident response lifecycle of preparation, detection and analysis, containment, eradication and recovery, and post-incident activity.
According to the report, an incident response plan should provide personnel responsible for incident response with well-defined roles, so they can respond quickly and effectively and include personnel with appropriate skills and support to respond, mitigate, contain and learn from a cyber incident. The guidance is helpful in outlining the elements of an Incident Response Plan and providing suggestions on how to develop and implement one, which is crucial for utilities to continue operating in the event of an attack.
In addition to attacks by bad actors and nation states, the utility and energy industries are also at risk for attacks through vendors. Therefore, in addition to developing and implementing an incident response plan, a vendor management plan can assist utilities and oil and gas companies to assess and manage the risk of a cyber-attack through vendors.
The Department of Energy’s Office of Energy Efficiency and Renewable Energy (EERE) recently announced a multi-year plan to accelerate cybersecurity research and development in the renewable energy, manufacturing, buildings and transportation sectors. According to EERE, “Cyber threats targeting EERE technologies present an immediate risk to the integrity and availability of energy infrastructure and other systems critical to the nation’s economy, security and well-being.”
These efforts are designed to assess and prevent cyber incidents against critical infrastructure and to respond and mitigate the effects of a cyber incident in these industries, which would have a serious and potentially devastating effect on the U.S. population.