All Posts By

Maggie Radtke

How Can Critical Infrastructure Facilities Become Cyber-Resilient?

By Cyber Resiliency

Network Perception CEO Dr. Robin Berthier recently joined Luke Fox on The Trust Revolution to discuss cybersecurity in relation to recent attacks on several critical infrastructure industries. Berthier explains, “Utilities have modernized, and that connectivity, especially around equipment and IoT, increases the risk for disruption and attacks.” He elaborates with specific examples and provides best practices.

Berthier also cautions against a singular focus on preventing attacks, as that effort is futile. To best prepare for future threats, he recommends building cyber resiliency with an emphasis on “defense in depth or multiple layers of security.” Companies must change the way they think about cybersecurity and prioritize building resiliency.

“It’s impossible to keep everything outside of the perimeter, so design a system with this in mind. Software vulnerabilities are only growing. There were 6000 in 2016 and 18,000 in 2020.”

To achieve cyber resiliency within your organization, he says, “Visibility is key. Know what you have in your network and keep it up to date. Also, follow the principle of least privilege for applications.”

Berthier also emphasized that cyber resiliency and cybersecurity must be a concern for more than just IT teams. For true resiliency, systems need to work harmoniously across a diverse set of tools, and teams need to work together to ensure business continuity.


What Does My NERC CIP-005 Compliance Preparedness Score Mean?

By NERC CIP

For critical infrastructure organizations, building and maintaining a compliance program is an essential priority to ensure safety and reliability for customers. Achieving compliance that is both sustainable and manageable requires total organizational commitment to a culture of compliance that provides transparency, standardized processes and reliable data.

In reality, compliance is best viewed in the form of a preparation continuum, a journey that digitally transforms organizations from reactive to proactive, manual to automated, ad-hoc to standardized and non-compliance to compliance.

At Network Perception, we’ve developed an online tool to evaluate your NERC CIP-005 compliance program.

After taking this evaluation, you will receive a custom report with your preparedness score, specific recommendations for improvement, and practical ideas to build up your compliance and audit readiness.

How To Use Your Score

Your preparation score will fall between 1 and 100 percent. In the following chart we provide some additional context around your score within five distinct levels of preparation evolution: (1) Not Started Yet, (2) Getting Started, (3) In Process, (4) Ready and (5) Automated.

Generally speaking, a utility that has a high preparation score has a culture of compliance featuring accountability, alignment, defined processes and effective technology.

Alternately, a lower preparation score can offer critical insights on where improvements and resources are most needed to achieve future compliance program sustainability.

Now that you know where you fall on the NERC CIP-005 compliance preparation continuum, you can focus your time, energy and resources on addressing those critical gaps in your organization, team, process and technology.

Need help?

If you have questions regarding your NERC CIP-005 compliance preparation score and/or are looking for ideas on how to use this information to improve your audit and compliance readiness, please contact us for a free consultation.

 
