Booz Allen Hamilton has created a set of guidelines for energy companies to protect infrastructures from cyber attacks and to help operators comply with security standards established by the North American Electric Reliability Corp.
The NERC updated critical infrastructure protection requirements after a report from the Department of Homeland Security found that energy facilities are common targets of hackers, Booz Allen said Monday.
“Going from NERC-CIP version 3 to the version 5 requires a partner that knows not only the rules, but just as an importantly, has deep industry experience to recognize the diverse needs of utility companies — all while minimizing cost and leveraging existing investments, where possible,” said David Cronin, a Booz Allen principal.
Booz Allen suggests that utility firms conduct a simulation activity to investigate gaps in security incident response frameworks and to identify areas that need improvement.
The firm also advises utilities to invest in cyber workforce, processes and technology.
Industry should also educate staff about potential insider threats and adhere to cybersecurity standards, according to Booz Allen.