1

NARUC is a non-profit member organization of state public utility commissioners.

The paper, entitled Cyber Security for state regulators, is a primer written to help regulators take a more active role in the investment process for regulated utilities. It is part of an overall effort by NARUC's Grants and Research Department to educate state utility commissioners on utility trends and best practices, and help them ensure that utilities are making the right decisions regarding their investments in cyber security installations.

"It may fall to regulators to ask questions of utilities to determine if there are [cyber security] gaps and facilitate action. This may be the key role or commissioners in cyber security. Commissioners do not need to become cyber industry authorities or enforcers, but asking a utility a question may motivate the development of a well-founded answer," the primer says.

But as NARUC's primer also notes, asking questions is not enough. "Armed with the right information, regulators then have the difficult job of determining whether utility expenditures earmarked for cyber security protections are prudent and in the public interest."

The primer provides guidance of how to determine if utility investments are sufficient or insufficient and how to help utilities prioritize investments – while balancing those needs with the need to keep electricity affordable. It also addresses issues of security risk from vulnerabilities and threats.

You may also be interested in ...

Read the NARUC primer on cyber security

Addressing cyber security threats in the smart grid (video)

Real-life grid security bungles (and the 5 steps that can make them go away)