Utility Employees Worried About Security Threat Readiness, NERC Compliance

By   ISBuzz Team
Writer , Information Security Buzz | Mar 12, 2017 03:05 am PST

More than 20,000 utility employees said a low percentage of major security projects were being implemented, indicating utilities seemingly have a false belief that a Ukraine-like security breach can’t happen in the US. Tim Erlin, Sr. Director, Product Management at Tripwire commented below.

Tim Erlin, Sr. Director, Product Management at Tripwire:

tim_erlin“There’s a clear and present cybersecurity risk for utilities in North America.

The industry has made significant progress in understanding and mitigating risk through the NERC Critical Infrastructure Protection standard, but the threat landscape continues to evolve. Security and compliance are related, but not the same. The defensive tools and techniques need to evolve to match the threat.

The Bridge Energy Group survey is particularly useful because of the number of respondents.

In order to report on compliance metrics, organizations must implement the foundational controls that provide the underlying data. In many cases, the difficulty in reporting is a symptom of that lack of consistent data collection.”