| Popis: |
Energy regulators have a unique role to play in the field of cybersecurity. While the implementation of cybersecurity measures is typically the responsibility of power system operators, regulators have an obligation to ensure that investments made in the name of cybersecurity are reasonable, prudent, and effective. These guidelines are intended to assist regulators in defining tariffs by establishing a regulatory approach to enhance the cybersecurity stance of their power systems, and are based on literature and current practices. They attempt to answer the following questions: oWhich regulatory frameworks are best suited to evaluate the prudency of cybersecurity expenditures? oHow can regulators identify and benchmark cybersecurity costs? oHow can regulators identify good countermeasures for cybersecurity? oHow can regulators assess the reasonableness of the costs associated with these countermeasures? oIs it possible to evaluate the effectiveness of cybersecurity investments? oWho should identify, benchmark, measure and evaluate the countermeasures in different regulatory frameworks? As power systems modernize, digitize, and integrate, they are increasingly exposed to additional vulnerabilities that can be exploited by cyberattacks. Attacks on the power grid can have devastating effects on a nation's security, economy, and public welfare, and are a potent threat to all nations worldwide. These guidelines are a first-of-their-kind resource to empower energy regulators to support and encourage grid resilience by ensuring prudent and effective investments in cybersecurity by their regulated entities. The guidelines, melting competencies and wisdom from different disciplines, strive to provide space for concepts, processes and methods rather than prescriptive lists or ready-to-use formulas. These guidelines were developed by CNR-Ircres for the National Association of Regulatory Utility Commissioners (NARUC) with funding support from the United States Agency for International Development (USAID) as part of the Europe and Eurasia Cybersecurity Partnership. USAID and NARUC launched their work on cybersecurity in December 2016 in an effort to equip energy regulators from Armenia, Georgia, Moldova, and Ukraine with the tools and technical capacity to work with utilities in preventing and mitigating cyberattacks and to improve and safeguard overall energy security in the region. While these guidelines were developed for the Europe and Eurasia region, much of their content can be applied universally. |
