Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity: The State Regulators’ Perspective

Published byNoreen Lynch Modified over 6 years ago

Similar presentations

Presentation on theme: "Cybersecurity: The State Regulators’ Perspective"— Presentation transcript:

1 Cybersecurity: The State Regulators’ Perspective
Lynn P. Costantini, D. Sc., CISSP Manager, Cybersecurity Compliance and Oversight New Jersey Board of Public Utilities March 21, 2018

2 Today’s Topics The Evolving Role of State Utility Regulators
Opportunities and Challenges New Jersey’s Experience

3 The Evolving Role of State Utility Regulators
Rapidly evolving cyber threats Mix of regulatory approaches Some critical assets not covered States’ regulatory role Ensure safe and reliable service at prudent and just rates; Determine appropriateness of utilities’ cybersecurity policies and practices

4 Challenge: Determine how much cybersecurity is enough
Technical knowledge and experience Resource constraints Compliance vs. risk reduction Opportunity: Promote discourse, information sharing, and partnership among all stakeholders

5 Progress? Utility Engagement? Issued Orders? Yes No
Source: NARUC Critical Infrastructure Committee, February 2017

6 Exercises Has your state conducted an exercise based on a cyber security scenario? Yes No Source: NARUC Critical Infrastructure Committee, February 2017

7 Cyber Information Sharing
Between utilities and state regulators Between state agencies Between state regulators and federal partners Source: NARUC Critical Infrastructure Committee, February 2017

8 Security Clearances Yes No Does anyone on your commission have a security clearance? Source: NARUC Critical Infrastructure Committee, February 2017

9 Progress!

10 The New Jersey Experience
2004 Docket A Comply with best security practices, including those for cybersecurity. 2011 Docket EO – Report cybersecurity incidents involving industrial control systems Docket A Comply with specific cybersecurity requirements

11 Cybersecurity Requirements
Scope: Industrial control systems (SCADA/PLC/RTU) Customer-facing systems that contain “PII” Cyber Security Program Requirements Cyber Risk Management Identify Monitor Situational Awareness Incident Reporting Response and Recovery Security Awareness and Training Analyze Control

12 Compliance and Oversight
Utilities self-certify compliance annually. First certification date was October 31, 2017. BPU staff and NJCCIC are developing a program to monitor utilities‘ compliance to the Cyber Order and their adherence to best utility practices. BPU staff will periodically review the requirements set forth in the Cyber Order to determine whether additional requirements or program refinements are needed.

13 Collaboration is a Priority
State Partners Attorney General OHSP NJCCIC OIT State Police/OEM Federal partners DOE DHS FBI In addition to collaboration with utilities, BPU engages in interagency collaboration as a necessity to achieve resilience, particularly in cyber space

14 Thank You!

Download ppt "Cybersecurity: The State Regulators’ Perspective"

Similar presentations

AFCEA DC Cyber Security Symposium Military Joint Cyber Command Panel Harry Raduege Lieutenant General, USAF (Ret) Chairman, Center for Network Innovation.

AFCEA DC Cyber Security Symposium Military Joint Cyber Command Panel Harry Raduege Lieutenant General, USAF (Ret) Chairman, Center for Network Innovation.
Homeland Security at the FCC July 10, 2003. FCCs Homeland Security Focus Interagency Partnerships Industry Partnerships Infrastructure Protection Communications.

Homeland Security at the FCC July 10, FCCs Homeland Security Focus Interagency Partnerships Industry Partnerships Infrastructure Protection Communications.
Research Administration Capacity Building in an Established Institution Presenter: M.M.Aboud, MD Director of Research and Publications, MUHAS.

Research Administration Capacity Building in an Established Institution Presenter: M.M.Aboud, MD Director of Research and Publications, MUHAS.
USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.
NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholde r to insert your own image. Cybersecurity.

NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholde r to insert your own image. Cybersecurity.
Department of Environmental Quality Environmental Management System Overview.

Department of Environmental Quality Environmental Management System Overview.
1 Pipeline Security Presented to: Pipeline Safety Trust New Orleans, Louisiana November 5, 2010.

1 Pipeline Security Presented to: Pipeline Safety Trust New Orleans, Louisiana November 5, 2010.
The UK Space Agency: Our plan for space Dr Alice Bunn, Director of Policy November 2014.

The UK Space Agency: Our plan for space Dr Alice Bunn, Director of Policy November 2014.
National Infrastructure Protection Plan

National Infrastructure Protection Plan
WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.

WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.
Speaker: Tamar Shapatava

Speaker: Tamar Shapatava
Framework for Improving Critical Infrastructure Cybersecurity NIST Feb 2014.

Framework for Improving Critical Infrastructure Cybersecurity NIST Feb 2014.
1 Federal Communications Commission Public Safety and Homeland Security Bureau NARUC Summer Committee Meetings Dallas, Texas July 13, 2014 Clete D. Johnson.

1 Federal Communications Commission Public Safety and Homeland Security Bureau NARUC Summer Committee Meetings Dallas, Texas July 13, 2014 Clete D. Johnson.
Industrial Railways: An Emerging Sector Presentation to the Industrial Railway Safety Conference Michael Bourque President and C.E.O. of the Railway Association.

Industrial Railways: An Emerging Sector Presentation to the Industrial Railway Safety Conference Michael Bourque President and C.E.O. of the Railway Association.
Jeffery J. Gust IOWA INDUSTRIAL ENERGY GROUP FALL CONFERENCE Tuesday, October 14, 2014 MidAmerican Energy Company.

Jeffery J. Gust IOWA INDUSTRIAL ENERGY GROUP FALL CONFERENCE Tuesday, October 14, 2014 MidAmerican Energy Company.
Challenge Questions How good is our strategic leadership?

Challenge Questions How good is our strategic leadership?
1 Webinar on: Establishing a Fully Integrated National Food Safety System with Strengthened Inspection, Laboratory and Response Capacity Sponsored by Partnership.

1 Webinar on: Establishing a Fully Integrated National Food Safety System with Strengthened Inspection, Laboratory and Response Capacity Sponsored by Partnership.
Consultancy.

Consultancy.
Don Von Dollen Senior Program Manager, Data Integration & Communications Grid Interop December 4, 2012 A Utility Standards and Technology Adoption Framework.

Don Von Dollen Senior Program Manager, Data Integration & Communications Grid Interop December 4, 2012 A Utility Standards and Technology Adoption Framework.
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

Similar presentations

Ads by Google