In Brief

Cybersecurity Standards for Electric Industry

The North American Electric Reliability Council's new cybersecurity standards for critical infrastructure protection

By Michael Fitzgerald

January 11, 2007 | CSO

Critical cyberassets

Defines the critical cyberassets involved in generating and delivering power, such as control center assets, transmission substations, backup generators, protection systems and equipment used to restore power supplies. Such assets can include monitoring and control systems, automatic generation controls, real-time power system modeling tools, real-time inter-utility data exchanges and the network communication protocols that carry them.

Security Management Controls

Establishes requirements for formal cybersecurity policies, such as naming a senior manager responsible for security and documenting and reporting changes to, and exceptions from, the security controls.

Personnel and training

Requires at least one cybersecurity training exercise per quarter, plus annual training. Also requires pre-employment background checks for personnel with access to critical cyberassets.

Electronic security

Requires establishing an electronic security perimeter around critical cyberassets (including access controls at each access point), performing cyber-vulnerability assessments and securing the assets inside the perimeter. Includes monitoring network traffic at the perimeter, intrusion detection and retention of access logs.

Physical security

Establishes a plan for protecting the physical equipment on which cybersecurity depends. Includes guidelines for housing such equipment inside a physical security perimeter and for monitoring and logging physical access to systems, with provisions for escorts, alarms and video surveillance.

Systems Security Management

Establishes rules for securely managing and monitoring information systems, including test procedures for changes and for vulnerability assessments. Defines what constitutes a significant systems change, such as applying patches, installing new software versions or service packs, and deploying new custom or third-party applications.

Incident Reporting and Response Planning

Requires a computer incident response team and a documented response plan. Mandates that cybersecurity incidents be reported to the Electricity Sector ISAC (information sharing and analysis center).

Recovery plan

Establishes a disaster recovery plan that is reviewed annually. Details the severity and types of attacks that would trigger a recovery effort and what that effort should consist of, and requires defining the roles and responsibilities of those who will respond.

–M.F.
