Cigital Inc., a leading provider of software security services announced the release of the Guide to Developing a Cyber Security and Risk Mitigation Plan. Cigital partnered with the National Rural Electric Cooperative Association (NRECA) to develop this Guide which consists of practical tools, a risk mitigation checklist, and step-by-step template to help utilities create a cyber security and risk mitigation plan.

The successful integration of new smart technologies requires addressing cyber security risks holistically and systematically.  When the U.S. Department of Energy (DOE) awarded NRECA’s Cooperative Research Network (CRN) $33.9 million in Recovery Act funds for a smart grid demonstration projects, the grant stipulated that the acquisition and deployment make cyber security a priority.

The Guide, provides a step-by-step plan to help the utility improve its security posture, and ensure new smart grid components and technologies do not compromise security.

“We are excited to partner with NRECA to create the cyber security guide and planning tools that will help electric utilities build an internal risk management program and embark on a path of continuous improvement to systematically reduce their exposures to current and emerging cyber security risks,” said Evgeny Lebanidze, a managing consultant at Cigital and a cyber-security team lead on NRECA’s Smart Grid demonstrations project.

Twenty-three cooperatives participating in NRECA’s smart grid demonstration project are already using the Guide and NRECA anticipates that cooperatives across the country will use the Guide, checklist and plan template.  CRN, the technology research arm of NRECA has already received requests for the Guide from utilities in the U.S., as well as England, India and Italy.

“We can’t thank Cigital enough for its work on the guide by providing a practical plan for getting started in grid cyber security,” said Craig Miller, NRECA. “The best part is the plan can grow and improve over time, driving continuous improvement and adaptation to changing conditions and technology.   This is the only practical way to tackle the problem – do the best you can do now, and then get better month-by-month and year-by-year.”

The Guide is comprised of a suite of documents built upon guidance in NIST IR 7628, NERC CIP, as well as other industry resources and standards.  It is also based on Cigital’s cyber security risk management experience gained through 20 years of security consulting and research.

The goal was to create actionable, digestible, and practical guidance for electric utilities that would allow them to assess the existing maturity of their cyber security practices and technologies, and then build a plan for continuous improvement.  Cyber security standards for the smart grid remain a moving target, but electric cooperatives are not waiting.  The current approach to cyber security puts a stake in the ground and gives utilities something they can start with now.

The Cyber Security Toolkit can be found here.