CIP-013 Is Just the Beginning: Utility Regulations Demand Robust Third-Party Risk Management

CIP-013 Is Just the Beginning: Utility Regulations Demand Robust Third-Party Risk Management

Bitsight
Published by: Research Desk Released: Oct 21, 2019

Evolving Cybersecurity Concerns in the Utilities Sector

Cyber attacks have the potential to create significant physical consequences for utilities, especially as critical infrastructure operations become more integrated.

Globally interconnected, remotely accessible third-party connections provide cyber attackers with increased access to supply chain targets, and the utilities sector is largely unprepared for the associated cybersecurity challenges.

The Federal Energy Regulatory Commission (FERC) has implemented a new regulatory requirement, NERC CIP-013-1, which places increased responsibility on utilities to evaluate the cybersecurity of their third-party vendors and partners. While important, this regulation is just the beginning of a new reality for utilities.

Download the white paper to learn more about the current utility industry cybersecurity climate and the steps utilities can take to limit their supply chain risk.