Traditional IT security policies do not provide for all the needs of OT infrastructure leaving groups of equipment minimally protected. And even though much of this equipment is not subject to NERC CIP standards, they still have the potential for business impact on the utility and also have the potential for large-scale impact on the bulk electric system (BES).
In this session, utilities will discuss how they approach these challenges. Topics include the design of operational technology, cybersecurity protection programs, considerations made in the application of standards and publications (NERC CIP, NIST 800-53/800-82, through to IEEE 1547-2018), and how implementations were approached that provided for necessary security controls and potential future regulations.