via Intelligent Utility
Talk about “getting down to the skinny” about utility cyber security needs!
Yesterday, the National Rural Electric Cooperative Association (NRECA) released both to the industry and to other interested stakeholders a cyber security toolkit like no other in this industry to date.
“We believe it’s the first in the industry, and it’s open to use,” said Martin Lowery, NRECA’s vice president of external affairs. And by “open to use” he means wide open: it’s already being used by the 23 electric cooperatives participating in the Cooperative Research Network’s $68 million, cost-shared (with the U.S. Department of Energy) regional smart grid demonstration project.
The toolkit, “Guide to Developing a Cyber Security and Risk Mitigation Plan,” includes a guide, a risk mitigation checklist and a step-by-step template, and is already available on the NRECA Web site. Its intent, according to Lowery, is “creating a culture of vigilance and continuous process improvement around cyber security.”
“You can’t say, ‘I’m secure’ and you’re done. The question is, ‘How can I improve?'” added Craig Miller, project manager for the multi-co-op demonstration project.
This open-source toolkit blows the lid off the inferred taboo of discussing cyber security plans and methodologies in public. “I think they use the fig leaf, ‘If we talk about security, we’ll be vulnerable,'” Lowery said. “That’s nonsense.”
Every tool in this kit has incredible value, in my opinion. In terms of “vertical” and “horizontal” communications within the industry, and industry to government, this toolkit (which grew out of the research and development side of a DOE-supported smart grid demonstration project) is valuable to both. (“Vertical” and “horizontal” communications about cyber security is defined and discussed by Edison Electric Institute’s David Owens here.)