Enhanced Exam and Board Reports Include New Cyber Security Standards

Aug. 23, 2006
SecureWorks has announced its new enhanced exam and board reports

SecureWorks has announced its new enhanced exam and board reports. The new reports are making it manageable for utility companies to demonstrate best practices and compliance with the Cyber Security Critical Infrastructure Protection (CIP) standards adopted in June by the North American Electric Reliability Council (NERC). SecureWorks provides security services to more than 1300 clients in the United States and abroad, including network and host intrusion prevention, firewall management, vulnerability assessment, encrypted email, and email filtering.

All entities responsible for the reliability of the bulk electric system (including investor-owned utilities, most generation and transmission (G&T) cooperatives, and municipal joint action agencies) in North America are required to produce 12 months of auditable data, documents, logs and records on their information security controls in order to be compliant with the new CIP standards. Additionally, while many smaller entities, (such as most distribution cooperatives and municipal utilities) are not required to comply, they are adopting the CIP standards as best practices.

"NERC has outlined cyber security standards, which help utility organizations identify and protect their critical cyber assets, and SecureWorks has a system in place to effectively track these efforts," said Mike Cote, president and CEO of SecureWorks. "Having on-demand reports from SecureWorks is a simplified way to illustrate - in black and white - your security position to the NERC auditors, your board and your management."

SecureWorks is providing on-demand reports that show how a utility's practices are matching directly to the CIP requirements. SecureWorks is also providing enhanced reports with easy-to-read graphs and tables that clearly identify attempted cyber attacks, attack targets, results of attacks and attack trends. "Whether it's providing evidence of compliance or wanting a clear picture of your information security landscape, we automatically populate data from our database into the reports," explained Cote.

"In this age of hackers and malicious Internet activity, electric utilities have a great responsibility to ensure the security of customer and utility information," said Barry Lawson, manager, power delivery for the National Rural Electric Cooperative Association (NRECA). "Having straightforward reports, such as these, that outline an organization's Internet security controls are highly beneficial to any utility company, whether it is required to comply with the NERC Cyber Security standards or not."

The new CIP standards, CIP-002 through CIP-009, have been in development since July 2003. They address the need to protect the computer infrastructure supporting the continuous, secure operation of the Bulk Electric System in North America. Responsible entities must begin implementing these standards by the end of second quarter 2007, and complete implementation by demonstrating compliance to an auditor by the end of second quarter 2010.

Voice your opinion!

To join the conversation, and become an exclusive member of T&D World, create an account today!