Hackers never sleep: Protect your hydropower project
It’s no secret that foreign entities are targeting our energy infrastructure including multiple known incidents in 2017 and 2018. If you want to be able to sleep at night, you need to keep up with the latest Federal Energy Regulatory Commission security requirements for your hydropower project. As the summer inspection season approaches, I thought it would be helpful to share some reminders and highlights of what’s new in FERC’s Security Program for 2018.
To be prepared for your annual FERC inspection you’ll need to complete the security checklist and cyber asset designation spreadsheet (if necessary). Bring these, along with your vulnerability assessment, security assessment, security plan, and internal emergency response and rapid recovery plan, and 2017 annual certification letter to the inspection. If you’ve made any changes to your operations (e.g. modifying control from manual to remote) you’ll want to describe the change and your security procedures. You will also want to be sure that any baseline or enhanced cybersecurity improvements that were identified are fully implemented.
A revision to the FERC Security program is due out this month (it will be designated as “Version 3B”). The latest update will clarify new document labeling requirements, include a template for your annual certification letter, a request for the checklist and cyber spreadsheets mentioned above, and an update to the cyber designation flowchart.
After developing a sound security posture, working with FERC to comply with their requirements, and maintaining vigilance, you’ll be able to sleep soundly – regardless of what the hackers are doing.
Filter by Expertise
Oroville happened. FERC responded.
July 21, 2020
The importance of solid foundations
June 16, 2020
Automating data extraction from HEC-RAS
May 27, 2020