120 likes | 135 Views
This comprehensive Cyber Manual Toolkit offers a strategic guide and tools to enhance cybersecurity practices in state utility commissions. It includes resources like a glossary of terms, cybersecurity questions for regulators, performance evaluation tool, and more. Developed in collaboration with industry experts, this toolkit aims to support meaningful engagement between regulators and utilities in enhancing cyber resilience. Available now for download, it offers practical guidance for developing robust strategies and conducting cybersecurity tabletop exercises. Stay ahead in cybersecurity readiness with this essential resource.
E N D
Cybersecurity: Resources for Public Utility Commissions Lynn P. Costantini, DSc, CISSP Deputy Director Center for Partnership and Innovation
Foundational Resources Risk Management for Critical Infrastructure Protection: An Introduction for State Utility Regulators Cybersecurity Primer for State Utility Regulators Version 3.0 A Comparative View of Cybersecurity Approaches in the Natural Gas and Electric Sectors- Natural Gas Utility Perspective (webinar)
Cyber Manual Project Purpose: Toolkit that supports meaningful engagement between state regulators and utilities on the topic of cybersecurity. Applicability: All state utility commissions All utility sectors Format: 6 complementary components
Cyber Manual Components • U.S. Cybersecurity Strategy Development Guide • Status of Cybersecurity Strategies at Public Utility Commissions • Glossary of Cybersecurity Terms • Cybersecurity Questions for Regulators to Ask Utilities • Cybersecurity Performance Evaluation Tool (CPET) • State Tabletop Exercises for Cybersecurity
Development Process • Drafting Team • Cyber Manual Working Group, Consultants, and Subject Matter Experts • Iterative review process • Internal • External • DOE
U.S. Cybersecurity Strategy Development Guide Developed in partnership with Cadmus Group LLC, this document is designed to help state commissions create their own cybersecurity strategies. Offers guidance on how to develop objectives, strategic goals, and communications plans for a wider, commission-specific cybersecurity strategy. Available for download now.
Status of State PUC Cybersecurity Strategies Companion to Strategy Development Guide. Provides a point in time view of the current level of PUC/utility engagement across the nation. Based on a survey sent out by NARUC’s Staff Subcommittee on Critical Infrastructure.
Glossary of Cybersecurity Terms A comprehensive glossary of the cybersecurity terms used in the Cyber Manual. Includes additional cybersecurity “terms of art” Intended as a living document; suggestions welcome!
Cybersecurity Questions to Ask Utilities • Designed to help PUCs understand the current state of cybersecurity planning and practice at utilities in their jurisdictions. • Series of structured questions covering 5 cyber risk management domains • Identify • Protect • Detect • Respond • Recover • Builds on NARUC’s Cyber Security Primer for State Utility Regulators Version 3.0.
Cybersecurity Performance Evaluation Tool • A “maturity model” for PUCs • Allows PUCs to evaluate the maturity of utilities’ cybersecurity programs and track improvements year over year. • Measured against standards and best practices (NERC CIP, NIST, ISO) • Companion to Cybersecurity Questions component. • Developed in collaboration with Cadmus Group, LLC.
State Tabletop Exercises for Cybersecurity “How to” guide with resources and examples for how regulators can formulate and implement effective cybersecurity tabletop exercises in their own states with key partners. Available February 2019
Support Resources Regional cybersecurity training for PUC commissioners and staff Cyber Manual Tool Kit training Critical Infrastructure Resource Repository (members only web site)