Utility Professionals Network Community

Welcome! This community is the default community for every Energy Central registered member. We discuss and share a variety of topics related to the global power industry. We welcome intelligent, insightful contributions and conversations.

199,840 Subscribers

Article Post

EnergySec Observations on NERC Cybersecurity Compliance

EnergySec 2017 Summit

Recently, I had the opportunity to attend EnergySec’s 13th Security and Compliance Summit. It was refreshing and encouraging to see such a dedicated, diverse group of people intent on making our lives safe and secure.

I attended a number of presentations and had many conversations with people who are working every day to prevent cybersecurity attacks from all angles. They are implementing security compliance programs, developing software, securing hardware and networks, educating people, conducting cybersecurity intelligence and more.

Compliance and Doing the Right Thing

Compliance is what entities are required to do in order to meet regulatory requirements to avoid consequential penalties. Remarkably, one recurring theme I heard is that the majority of people and organizations want to “do the right thing” to make their companies secure. In contrast to simply being in compliance with regulations or to avoid fines, they want to be as secure as they can be.

To that end, entities are working to create an environment where being safe and secure are priorities that permeate all areas of the business. They are implementing compliance management software to automate cybersecurity, provide an end-to-end view of compliance and drive success.

NERC Cybersecurity Compliance Challenges

One of the challenges that utilities face is ever-changing NERC cybersecurity compliance regulations. Frequently, compliance requirements change multiple times within an audit or review period. Utilities must stay ahead to prepare for impending changes to ensure that programs are in place in advance of the regulation.

Consequently, the best way to mitigate the impact of rapid changes is to create that environment of “doing the right thing.” From that standpoint, the entity is likely to meet regulatory requirements in advance of the actual change with less stress and better quality.

Conclusion

A critical factor for energy entities to be compliant today, tomorrow, and to “do the right thing,” is to select the right compliance management software.  Software should be robust to enable compliance, but ultimately, extend beyond that to support the “extra mile” that these entities are willing to go. Software should also be flexible, configurable, scalable, and able to rapidly adapt to future needs not yet known.

Many energy and utility entities have implemented AssurX’s NERC Compliance Management Solution to manage operations, identify risks, and demonstrate compliance across all critical operations.

Discussions

No discussions yet. Start a discussion below.