New SGIP Case Study Highlights Ways to Implement the NIST Cybersecurity Framework

The case study shows how some utilities have implemented the CSF

WAKEFIELD, MASS., March 23, 2017 – SGIP announced today a new case study that documents an approach utilities can use to implement the Cybersecurity Framework (CSF) published by the National Institute of Standards and Technology (NIST). While many electric utility IT experts work diligently on how to best handle cyber-attacks to protect their customers and infrastructure, the SGIP NIST Cybersecurity Framework Implementation Case Study is a free resource that illustrates how some utilities have adopted and used the CSF.

The case study, developed by the utility-only Framework Implementation Case Study Task Force in SGIP’s Smart Grid Cybersecurity Committee (SGCC), shows how several utilities have implemented the NIST CSF and effectively use it to help identify, communicate and mitigate cybersecurity risks.

“Cybersecurity risks to grid operations and utility functions continue to grow, and organizations like utilities that provide critical infrastructure services need to have effective tools and processes to manage them,” said Aaron Smallwood, Vice President, Technology at SGIP. “The CSF from NIST is a very useful resource to help organizations evaluate risk, and SGIP’s new case study provides insight into how some utilities have implemented the framework to suit their individual needs.”

The NIST Cybersecurity Framework Implementation Case Study gives detailed steps and real-world examples for implementing the CSF, enabling utilities to identify and prioritize top security risks and present that information to senior management for cost-benefit analysis exercises and planning. The case study leverages existing guidelines such as the NIST Cybersecurity Framework, DOE Energy Sector Cybersecurity Framework Implementation Guidance, DOE Electricity Subsector Cybersecurity Capability Maturity Mode (ES-C2M2), and the DOE Cybersecurity Risk Management Process (RMP).

This case study is not meant to replace these published guidelines, but to provide insight into how some utilities have implemented them.

The case study can be downloaded at no charge from the SGIP website.

More information is available in the recording of SGIP’s NIST Cybersecurity Framework Implementation Case Study Webinar.

About SGIP
SGIP is an industry consortium representing a cross-section of the energy ecosystem focusing on accelerating grid modernization and the energy Internet of Things through policy, education, and promotion of interoperability and standards to empower customers and enable a sustainable energy future. Our members are utilities, vendors, investment institutions, industry associations, regulators, government entities, national labs, services providers and universities. A nonprofit organization, we drive change through a consensus process. Visit https://sepapower.org.

Follow SGIP on LinkedIn and Twitter.