This article was updated on October 3, 2019.
Cyber security threats to the power grid are a continuous danger nowadays, and because of this, regulation in North America may expand from covering bulk electricity carriers to low-impact carriers. Last month FERC, the U.S. Federal Energy Regulatory Commission, proposed a new rule for low-impact carriers, covering transient electronic devices such as USBs and laptops, and incident response policies.
While the regulation is still in the review stage, some low-impact utilities are not waiting to improve their cyber security posture and get a head start on compliance. They are taking advantage of the latest innovation for cyber threat monitoring and detection systems. Vermont Electric Coop is one such entity, and they have realized multiple benefits from their proactive approach.
Protecting Smaller Electric Utilities with Automated Cyber Security
While protecting large, bulk electricity carriers is obviously very important, low-impact bulk carriers are key power providers and important in their own right. After all, when the power goes off, it’s a critically serious issue, no matter what the source. Also, smaller, local utilities might look more vulnerable to motivated threat actors, and invading a smaller utility’s network might provide access and even control of a bulk carrier’s grid system.
Vermont Electric Coop (VEC), a regional low-impact carrier, wanted to boost its cyber security preparedness and incident response capabilities. It selected our Guardian product because it’s a proven solution and because it met their requirements for visualization, detection, response and administration.
“Most significantly, the solution has reinforced our cyber security program to help us advance our reliability goals.”
In terms of regulation, while VEC currently doesn’t have any NERC CIP jurisdictional assets, Kris Smith, Manager of Operations Engineering, comments:
“We’re prepared for the possibility that regulators will bump the limit down so that our assets are included. I like that Guardian positions us to be compliant if regulations become more stringent.”
Low-impact Carriers Benefit from Same Threat Protection as Bulk Carriers
As this example shows, low-impact carriers benefit as much, or more, than their larger power grid counterparts by deploying a real-time cyber security and operational visibility solutions. Organizations such as Vermont Electric Coop lack the resources to employ and maintain dedicated cyber security departments. Now they can obtain the same level of both cyber threat and operations risk protection and security at the largest utilities in the world.
To find out more about Vermont Electric Coop, watch the video available above.
For more information on how Guardian improves cyber resiliency and reliability, read the White Paper available below.
This blog is a summary of a two-part series of articles that first appeared in Energy Central.
“Improving ICS Cyber Security for Substations and Power Grids”
Improving ICS Cyber Security for Substations and Power Grids
Real-time ICS Anomaly Detection and Operational Visibility Use Cases
Read this paper to learn:
- Power grid cyber security technical challenges
- Sample architectures for cyber resiliency
- Cyber security use cases
- Operational visibility use cases
- How ICS anomaly detection improves cyber security