New considerations for security compliance, reliability and business continuity

This paper describes new considerations for security compliance, reliability and business continuity for electrical utilities. Within the last few years there have been several security and emergency response regulatory measures that require integration into the overall business management practices of the utilities. In 2005, the RUS released regulations requiring borrowers to certify that a Vulnerability and Risk Assessment and an Emergency Restoration Plan has been prepared. Most recently, all bulk power utilities will now be required to adhere to the regulations set forth by NERC. As part of these regulations, NERC has established the Critical Infrastructure Protection (CIP) 002 – 009 standards. NERC CIP spells out an auditable guide covering a variety of areas related to cyber security. These standards specify the implementation of a holistic security approach to protect the bulk electric systems in North America. Energy companies and utilities across the US must move quickly towards compliance to the CIP 002 – 009 standards. This paper will: • Describe a practical approach to disaster management and business continuity planning; • Provide lessons learned and shared by utilities; • Review NERC Reliability Standards; • Describe an intergrated approach to security and business continuity planning.