EnergySec Observations on NERC Cybersecurity Compliance
The energy industry addressed current and future security challenges including critical NERC cybersecurity compliance initiatives at this year’s EnergySec Summit.
EnergySec 2017 Summit
Recently, I had the opportunity to attend EnergySec’s 13th Security and Compliance Summit. It was refreshing and encouraging to see such a dedicated, diverse group of people intent on making our lives safe and secure.
I attended a number of presentations and had many conversations with people who are working every day to prevent cybersecurity attacks from all angles. They are implementing security compliance programs, developing software, securing hardware and networks, educating people, conducting cybersecurity intelligence and more.
Compliance and Doing the Right Thing
Compliance is what entities are required to do in order to meet regulatory requirements to avoid consequential penalties. Remarkably, one recurring theme I heard is that the majority of people and organizations want to “do the right thing” to make their companies secure. In contrast to simply being in compliance with regulations or to avoid fines, they want to be as secure as they can be.
To that end, entities are working to create an environment where being safe and secure are priorities that permeate all areas of the business. They are implementing compliance management software to automate cybersecurity, provide an end-to-end view of compliance and drive success.
NERC Cybersecurity Compliance Challenges
One of the challenges that utilities face is ever-changing NERC cybersecurity compliance regulations. Frequently, compliance requirements change multiple times within an audit or review period. Utilities must stay ahead to prepare for impending changes to ensure that programs are in place in advance of the regulation.
Consequently, the best way to mitigate the impact of rapid changes is to create that environment of “doing the right thing.” From that standpoint, the entity is likely to meet regulatory requirements in advance of the actual change with less stress and better quality.
A critical factor for energy entities to be compliant today, tomorrow, and to “do the right thing,” is to select the right compliance management software. Software should be robust to enable compliance, but ultimately, extend beyond that to support the “extra mile” that these entities are willing to go. Software should also be flexible, configurable, scalable, and able to rapidly adapt to future needs not yet known.
Many energy and utility entities have implemented AssurX’s NERC Compliance Solution to manage operations, identify risks, and demonstrate compliance across all critical operations.