Simple Check-Box Survey & Report
Via Hometown Connections Alliance with Wortham Power Gen Insurance
LAKEWOOD, CO and HOUSTON, TX (October 24, 2016) To enhance their Public Power Cyber Liability & Privacy Insurance Program, Hometown Connections and Wortham Power Gen Insurance announced the availability of a Cyber Risk Evaluation Tool. This survey and follow-up report are offered at no cost to members of the American Public Power Association (APPA).
Wortham Power Gen Insurance has partnered with ITEGRITI to develop a 12-area check box survey that is based on the fundamental set of cybersecurity controls that help mitigate approximately 80% of cyber risks. These questions are typically used to prepare for and scope a cybersecurity review. Respondents should be able to complete the survey in less than 20 minutes. Responses are intended to provide a general cybersecurity profile that should be validated through actual program and control inspection.
The survey covers:
- Cybersecurity Insurance
- Asset Inventory: Hardware and Software
- Asset Baselines and Change Management
- Vulnerability Management and Hardening
- Access and Account Management
- Information Management and Protection
- Boundary Defense: Electronic and Physical Security
- Incident Management and Review
- Security Awareness and Training
- Supply Chain Management
SSL/TLS encryption is enabled to keep survey data safe, and survey responses are kept confidential.
A follow-on report will contain a summary of responses and an overall cybersecurity maturity score based solely on these responses. The report will provide rationale and objectives for each control area so that the utility can understand why these controls are necessary and what is needed to improve their overall cybersecurity. Because many APPA members have upcoming NERC CIP compliance obligations related to Low Impact cyber assets, a separate section of the report will provide additional insight, based on survey responses, into the compliance work ahead that will be necessary to meet NERC CIP compliance deadlines in 2017 and 2018.
The survey and report are provided to APPA members free of charge, on a voluntary basis, with no obligations. For larger public power systems (greater than $100 million in annual revenue), the follow-on report will help with procurement of Cyber Liability Insurance.
“Examples of cybersecurity exploits are abundant, and organizations, both large and small, are increasingly being compromised by criminals, rogue nations, and internal actors,” said George Adkins, Managing Director & Power Generation Practice Leader. “Protecting against these threats, especially for critical infrastructure, is more than an objective, it is an operational necessity. Through the new Cyber Risk Evaluation Tool, we can help clarify for APPA members the state of their cybersecurity posture.”
“Hometown Connections remains committed to addressing cybersecurity for public power on all fronts,” said Tim Blodgett, President and CEO. “We are working closely with N-Dimension Solutions and Wortham Power Gen Insurance to deliver crucial cyber threat monitoring services, provide an innovative cyber risk evaluation, and offer financial protections should a data breach occur.”
N-Dimension’s N-Sentinel Monitoring is a proactive measure that combines continuous cyber threat vigilance with timely detection and alerts to anomalous network activity. It includes in-depth intelligence about attacks along with expert guidance on remediation and additional insights on how to improve cybersecurity posture.
Wortham Power Gen Insurance’s program provides a no-cost survey and report that provides an introductory evaluation of a utility’s cyber vulnerabilities. Their comprehensive insurance program protects a utility after an attack. Its broad protection covers liability from a data breach of confidential customer data; expenses associated with a breach; costs associated with regulatory fines and penalties; costs associated with data recovery and cyber extortion; and emergency access to professional services to assist with data breach crisis management.
ITEGRITI is a cybersecurity and compliance advisory firm with deep experience in cybersecurity, compliance, IT/OT, and IT audit. ITEGRITI resources have assisted power companies with NERC and NERC CIP compliance since 2007 and most recently helped a large utility prepare for a multi-region NERC CIP v5 cybersecurity audit.