The Growing Need for Cybersecurity Protection in Low-Impact Utilities and the Impending New Compliance


Six times in 2013, Iranian hackers took over the control system for the Bowman Avenue Dam in Rye Brook, New York. When the news broke, reporters became focused on the vulnerability of America’s infrastructure.

They missed an important point.

The Bowman Avenue Dam isn’t exactly declared critical infrastructure at the moment. It protects the streets of a few small communities from flooding. And therein lies the lesson for low-impact utilities:

You don’t have to be a high- or medium-impact utility to face cyber threats.

Attackers are looking for any vulnerability they can find. If it’s your utility, they’ll take it. And while most security controls in the NERC CIP requirements apply to high- and medium-impact facilities, you can see more requirements for low-impact assets on the horizon.

Already by July 2016, low-impact facilities had to designate a CIP Senior Manager and implement a documented process to delegate authority of the CIP Senior Manager.

Regulators also set dates for:

  • Completion of an impact assessment to identify high- and medium-impact BES Cyber Systems, plus low-impact BES Cyber Assets
  • Completion of a Cyber Security Policy signed by the CIP Senior Manager
  • Plans for Cyber Security Awareness, Physical Security Controls, Electronic Access Controls, and Cyber Security Incident Response

You’re also advised to implement proper asset management procedures that include patch management, configuration change control, monitoring and documentation.

Now you’re advised. Soon, you’ll probably be required.

Affordably fast-tracking NERC CIP Compliance Management

While these requirements present a challenge for all utilities, they can be particularly burdensome for low-impact facilities. The budgets and resources aren’t there.

That’s where the integrated security solution from WizNucleus comes in.

Called CWP for NERC CIP, this comprehensive platform puts a ‘soup to nuts’ solution into one package: Cyber Asset management, configuration change control, monitoring and the ability to document everything, so that you can build a sustainable cybersecurity and compliance program.

CWP is designed specifically for critical infrastructure applications, yet priced for smaller utilities.

It runs on commodity Windows hardware, meaning it can be deployed quickly and inexpensively. Utilities that have implemented CWP report an extremely attractive return on their investment (ROI).
