The continual news of state-sponsored hackers attacking U.S. infrastructure has led the general public to better understand that digital security is a critical part of our overall national security. Digital systems aren’t isolated to high-tech companies–instead, cybersecurity touches on almost every aspect of our lives, particularly energy and utility management.

The U.S. government was already ahead of this curve and, starting in the 1990s, began implementing government regulations (in partnership with private companies) to protect the country’s electrical infrastructure. This led to the North America Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) requirements. 

Read More

Modern security and risk frameworks often focus on a limited set of concerns–security controls, external threats, insider threats, upgrading or updating systems, etc. But, as the relationships between security, business continuity, and system reliability become more complex in our data-saturated environment, organizations must have equally robust system support in place to ensure that information remains secure and available at all times. 

ISO 22301, “Security and resilience–Business continuity management systems–Requirements,” the International Organization for Standardization (ISO) defines a broad set of standards that organizations can implement to focus on business continuity and resilience. 

Read More

If you’re plugged into the world of cybersecurity, then you’ve most likely come across breathless reports of new “zero-day” vulnerabilities hitting the wild. And, on the surface, these sound terrible… but do you understand what that means?

A zero-day exploit is a significant, but not world-ending, security flaw affecting systems without anyone having noticed them yet. Rather than a cause for worry, these issues call us to remain ever-vigilant against potential security issues and our responses to them. 

Read More