New SGIP Case Study Highlights Ways to Implement the NIST Cybersecurity Framework
March 2017 by Marc Jacob
SGIP announced a new case study that documents an approach utilities can use to implement the Cybersecurity Framework (CSF) published by the National Institute of Standards and Technology (NIST). While many electric utility IT experts work diligently on how to best handle cyber-attacks to protect their customers and infrastructure, the SGIP NIST Cybersecurity Framework Implementation Case Study is a free resource that illustrates how some utilities have adopted and used the CSF.
The case study, developed by the utility-only Framework Implementation Case Study Task Force in SGIP’s Smart Grid Cybersecurity Committee (SGCC), shows how several utilities have implemented the NIST CSF and effectively use it to help identify, communicate and mitigate cybersecurity risks.
“Cybersecurity risks to grid operations and utility functions continue to grow, and organizations like utilities that provide critical infrastructure services need to have effective tools and processes to manage them,” said Aaron Smallwood, Vice President, Technology at SGIP. “The CSF from NIST is a very useful resource to help organizations evaluate risk, and SGIP’s new case study provides insight into how some utilities have implemented the framework to suit their individual needs.”
The NIST Cybersecurity Framework Implementation Case Study gives detailed steps and real-world examples for implementing the CSF, enabling utilities to identify and prioritize top security risks and present that information to senior management for cost-benefit analysis exercises and planning. The case study leverages existing guidelines such as the NIST Cybersecurity Framework, DOE Energy Sector Cybersecurity Framework Implementation Guidance, DOE Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2), and the DOE Cybersecurity Risk Management Process (RMP).