Do you own or operate generation resources? (GO/GOP)
If so, it is likely that you are reading headlines about how your site is at risk for cyber security attacks and that infiltration of your site is impending… This COULD be true AND there are many low-cost measures to take that can support your site from being a victim of cyber intrusion. Below is a short list of quick actions that can be taken by your organization to strengthen your cyber defense posture.
1. Train employees in cyber AND physical security principals:
This is not a “one and done” sort of effort. This gets to be a reoccurring reminder of what the expectations are and why
2. Passwords and Authentication:
Unique and complex passwords get to be a MUST! Your organization should implement multi-factor authentication that would require secondary information beyond a password to gain access/entry to security.
3. Limit employee access to data and information, limit authority to install software:
Very few employees need access to ALL information. Ensure that access to secure areas and information are based on need, and not convenience.
4. Protect your Wi-Fi Networks:
Consider setting up your wireless access point or router to reflect network name(s) that do not give attackers easy targets (the Service Set Identifier or SSID)
5. Mobile Device Action Plan:
Mobile devices can present significant security challenges to any network. Consider requiring users to password-protect their devices, including data encryption and installing approved security applications to support the prevention of cyber threats while the device is connected to other public networks.
This is by no means an exhaustive list of preventive measures that can be taken to secure your sites cyber network… additional security devices such as firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS) are highly recommended and should be considered for implementation. Whether your site is considered Low Impact or Medium Impact, NERC Reliability Standards are expanding and growing constantly; And that is where Electric Power Engineers, LLC can be an integral partner is evaluating your network and physical security posture for compliance with NERC Reliability Standards. Shoot me a direct message to get more information on how we can support you and your time.
If you need support with NERC or regulatory compliance including cybersecurity standards, reach out to your account manager or schedule a consult.