Cyber Resilience – More Reasons to Voluntarily Espouse NERC CIP Guidance and the NIST Cybersecurity Framework

A prior post, ICS Preparedness/Resilience – More on Following NERC Guidance, Even Though it’s Not Required, discussed the benefits for water and wastewater utilities to voluntarily follow NERC CIP, especially given the cross-sector dependencies. However, with legislation potentially looming over the water and wastewater sector, it’s even more important for sector utilities to electively embrace what the electricity sector has achieved in its Critical Infrastructure Protection Reliability Standards. Likewise, the NIST Cybersecurity Framework (CSF) is heralded as authoritative cybersecurity guidance, and while many water and wastewater utilities already reference NERC CIP and the NIST CSF, it might be time for a sanity check. To make that easy, NIST published a white paper highlighting a recent mapping effort between the NERC CIP standards and the NIST CSF – Benefits of an Updated Mapping between the NIST Cybersecurity Framework and the NERC Critical Infrastructure Protection Standards. What’s more, NIST also has A Quick Start Guide, a “checklist” of sorts, to help provide direction and guidance to organizations – in any sector or community – seeking to improve cybersecurity risk management via utilization of the NIST Framework for Improving Critical Infrastructure Cybersecurity. Water and wastewater utilities of all sizes are encouraged to review both resources to bolster their cyber resilience.