Modernizing Physical Security and Incorporating Best Practices Into New Assets


Interview with David Grubbs, Director, Regulatory Affairs and Compliance at City of Garland, TX

Atlanta, GA (I-Newswire) November 17, 2012 - As the Department of Homeland Security has reported, cyber security threats to the utility industry are increasing in number and sophistication. Because of this challenge, the North American Reliability Corporation (NERC) is increasing the Critical Infrastructure Protection (CIP) regulatory requirements to ensure organizations and facilities are meeting basic standards in this area.

marcus evans had the privilege to hear from David Grubbs before the upcoming Utility Cyber Security & CIP Compliance Conference, January 15-17, 2013 in Atlanta, GA. Below he shares with us his perspective on how CIP standards are affecting cyber security within electric utilities. The responses below strictly reflect the views and beliefs of David Grubbs, and not necessarily those of City of Garland, TX.


What are some of the newer efforts being utilized to protect the physical assets of utilities?

David Grubbs: Electric utilities continue to improve both physical and cyber security efforts to counter known and unknown threats. In physical security, many upgraded security features have been added including: card access at many locations, electronic padlocks that require the regular reauthorization of keys and can be set to ignore keys identified as lost, video monitoring, fence tamper detection and motion sensors. The most important aspect of improving security is properly training personnel and achieving a security mindset within the industry. The CIP Standards make a start at this, but only include personnel with access to the CIP Critical Cyber Assets.

Can you elaborate on the benefits of applying CIP standards to non-critical assets?

DG: The CIP standards are a good starting point for any security system. They are, however, inadequate to fully protect any asset. Security is achieved by a defense in depth. Much as an onion has numerous layers, good security systems should have numerous layers of which the CIP standards are only a few of the layers. Frequently, the best defenses are those no one knows about. Unfortunately, at least through version 4, the CIP Standards are somewhat prescriptive. Many of the security aspects of a facility, and even which facilities have security, can be guessed because of the CIP standards. Beginning with version 5 of the CIP standards the industry will have more flexibility to install the appropriate security for a facility rather than specific security practices.

Why should utilities consider organizational security to be just as important as safety?

DG: Security systems are inherently designed to keep the "bad guys" out. Excellent security systems can easily be defeated when someone inadvertently leaves a door open or invites the "bad guys" in. The most common ways of entering a system are by social engineering. Asking innocent-sounding questions, a hyperlink in an email that appears to be from your boss, or getting someone to plug in a USB drive or CD are the easiest ways to get into a secure system. A second source of lost information is a lost laptop or the USB drive that contains sensitive information.

The following article from Intelligent Utility, http://www.intelligentutility.com/article/12/10/cyber-risk-conversation, explores the potential motivation behind cyber attacks aimed at utilities in the format of a hypothetical conversation between utility executives. If you had a chance to join the conversation, what comments/counterarguments would you give?

DG: I have had several very similar conversations with industry executives across North America. Different entities have differing risk profiles to the various threats identified in the discussion. Certain companies may be more of a target to certain organizations, such as environmental extremists, while others might be less so. There is some risk for all of these threats to each of us. Some organizations, because of their small size, might believe they are immune to such activities because no one knows they are there and theorize that someone would not be interested in attacking them. By the same logic, an attacker might go after a smaller organization believing their security is less organized than at a larger entity and easier to penetrate, thus making a smaller entity a more attractive target. None of these is true in all circumstances, but are potential considerations when designing a security system.

As someone who has attended marcus evans events in the past, what do you think attendees can take away from this conference?

DG: There are three primary takeaways from a marcus evans conference. First is the educational aspect. Attendees learn how other comparable companies are coping with the issues; from compliance, to security, to organizational structure, to budgeting. Second, are the relationships you build with the speakers and fellow participants. Being able to discuss ideas with others, both during the conference and afterward, can give significant insight into issues. Third, and perhaps most important, it gives you a chance to break out of a rut and do something different. We are all guilty of continuing to do what we have been doing and as long as nothing jolts us, we just keep on doing it. A conference, such as this, gives us the opportunity to review our own programs in the light of the best practices of others. It allows us to refocus on the needs of our organization and gives us a new enthusiasm for pursuing the ideas we developed at the seminar.

Mr. Grubbs joined the City of Garland in 2002 and has held numerous positions within the City. He is currently serving as the Director of Regulatory Affairs and Compliance reporting directly to the Managing Director of the Electric Utility on Regulatory, Compliance and Transmission Planning Issues. Immediately prior to joining Garland, Mr. Grubbs worked as a consultant developing wind energy and compressed air energy storage generation units.

For more information, please contact Michele Westergaard, Senior Marketing Manager at 312-540-3000 ext. 6625 or Michelew@marcusevansch.com.






About marcus evans

marcus evans conferences annually produce over 2,000 high quality events designed to provide key strategic business information, best practice and networking opportunities for senior industry decision-makers. Our global reach is utilized to attract over 30,000 speakers annually, ensuring niche focused subject matter presented directly by practitioners and a diversity of information to assist our clients in adopting best practice in all business disciplines.

Contact Information

marcus evans
Michele Westergaard
455 N. Cityfront Plaza Dr.
9th Floor
60611
Phone : 312-540-3000

Published On:

November 17, 2012