Electric Industry Urged To Take New Approach To Cybersecurity


The Anfield Group has proposed an innovative approach to cybersecurity for the bulk electric industry.

Now our enemies are seeking to sabotage our power grid. - President Barack Obama, State of the Union Address, Feb. 2013

The Anfield Group has proposed an innovative approach to cybersecurity for the bulk electric industry. The new approach goes beyond mandatory compliance and institutes a reasonable and far-reaching system of security controls that bridges government regulations and allows the industry to stay ahead of the latest attempts by skilled hackers seeking to disrupt power grids in the U.S., Canada and Mexico.

Based in Austin, Texas, The Anfield Group’s professionals have not only played key roles in the development of cybersecurity regulations for the bulk electric industry, they have participated in more than 130 audits of the cybersecurity programs in place at major utility companies in the United States and Canada. The Anfield Group is the most experienced consultancy in the industry.

"When it comes to cybersecurity, the bulk electric industry focuses on complying with regulations issued by the Federal Energy Regulatory Commission," said Chris Humphreys, CEO of The Anfield Group. "This extremely important compliance not only avoids costly fines, it ensures the utility company has conformed to the best available federal and industry advice for avoiding a potentially catastrophic cyber attack. Unfortunately, compliance with existing regulations does not mean the grid will be secure from a cyber attack launched today or tomorrow."

Humphreys explained that at the time governmental regulations are authored, they represent the best possible deterrent to potential cyber attacks on the North American power grid. However, by the time they are reviewed, refined, approved and implemented, the new regulations sometimes become woefully outdated. In some cases, by the date the new regulations become effective, hackers have already developed new and improved tactics to circumvent them.

"Basically, the industry’s current approach to cybersecurity is to counter tactics used by hackers in the past," Humphreys said. "Complying with regulations that protect us from the types of cyber attacks launched two years ago does little to secure the grid against new and more sophisticated attacks that could be launched at any moment. We think it would be far more effective to develop security-focused standards flexible enough to accommodate shifts in tactics and technologies that happen over time. This way, compliance could be assured both now and into the foreseeable future."

This new "compliance through security" approach would, for the first time, allow the industry to get ahead of its opponents, who have the advantage of complete flexibility in developing new tactics for launching cyber attacks on power grids. The importance of a proactive approach to cybersecurity for the bulk electric industry was emphasized by President Obama in his State of the Union Address when he said: "Now our enemies are seeking the ability to sabotage our power grid." Last October, then-Secretary of Defense Panetta told the Business Executives for National Security "we know of specific instances where intruders have successfully gained access to these control systems. We also know they are seeking to create advanced tools to attack those systems and cause panic, destruction and even loss of life."

Humphreys said the new approach would combine current and upcoming regulations, the soon-to-be-released cybersecurity framework prepared in compliance with the President’s Executive Order by the National Institute of Standards and Technology, and the 20 Critical Controls for Effective Cyber Defense created by the SANS Institute.

"All of these tools will become available within the next few months," Humphreys concluded. "Now is the perfect time to combine them into a formidable and lasting defense for the North American power grid."

With more than 30 years of combined experience in NERC CIP standards, The Anfield Group stands out as the most experienced consultancy in the industry. The firm’s experts have participated in CIP drafting teams and implemented the standards at utilities. The staff includes NERC-certified lead auditors and the founding chairman of the CIP Compliance Working Group composed of the CIP Compliance Managers and CIP Subject Matter Experts for all eight regions. Together, The Anfield Group staff has participated in more than 130 NERC audits.

Contact Author

Jay Humphreys
The Anfield Group