The utility industry is bombarded by negative press about the security nature of the electric grid. It seems we read a new story about \u201cwhat is going wrong\u201d with utilities weekly and on a regular basis. We have heard the constant drum beat of \u201chackers are in the grid\u201d or \u201cindustry doesn\u2019t take security threats seriously enough\u201d, but rarely does industry receive due credit for the positive steps it has taken to secure electric systems and infrastructure. Today more than ever, industry is acutely aware of the microscope placed on it and the importance of electricity to the American way of life.Electric power remains a very visible and attractive target to anyone looking to cause damage. A successful attack on the power grid causing a wide-area long-term outage would have significant national security, economic, and public health and safety consequences.The threat remains and we should not lose sight of this. However, we have seen the media run wild with stories about substation shootings, rumors of hacked control systems, and the targeting of specific infrastructure sites within the grid. While some responsible reporting has taken place, many see the opportunity to \u201cpile on\u201d and make accusations that industry isn\u2019t responsive. Yet, the opposite is true. This industry, more than any other critical infrastructure sector, has moved the proverbial football down the security field.[ ALSO ON CSO: Defending the grid ]The North American Electric Reliability Corporation (NERC), Electricity Information Sharing and Analysis Center (E-ISAC), and the Electricity Sector Coordinating Council (ESCC), along with the various trade associations have put security at the top of the list in terms of ensuring continued reliability. The electricity sector is one of the few sectors that has mandatory and enforceable security standards.A new Design Basis Threat (DBT) was recently released and NERC is now preparing for its next Grid Security Exercise (GridEx IV), to be conducted in November of 2017. Meanwhile, utilities are spending millions of dollars to upgrade their security programs and better protect their substations and generating plants across North America. With the development and acceptance of the newest physical security standard, NERC CIP-014, utilities are conducting assessments, building security plans, and installing mitigation measures to protect their transmission \u201ccrown jewels\u201d.Investments in cybersecurity continues to be monumental. NERC and industry are currently developing a cybersecurity supply chain management standard in response to FERC order 829. While compliance is a driver, utilities understand the impact that poor cyber practices can have on industry perception and company reputation. The point is a lot of progress is happening.The utility industry needs to be their own advocate, quick-to-draw and highlight success stories that point to action and accomplishments. While industry remains committed to \u201ckeeping the lights on\u201d, we should consider how to best articulate activities and initiatives that demonstrate the importance of the topic and the solutions brought to bear.If you\u2019re proud of your program, let others know about it. A two minute elevator speech that can effectively communicate the progress of your compliance program, reliability investments, and culture of security may be worth its weight in gold.