The Utility Regulator's Role in Promoting Cybersecurity: Resilience, Risk Assessment, and Standards

April 2020 – Since 2016, the United States Agency for International Development (USAID)’s Bureau for Europe and Eurasia has taken a leadership position in promoting regulatory and utility preparedness of cybersecurity in defense of critical infrastructure.

Through work in Eastern Europe and Eurasia, USAID and NARUC have provided technical information and trainings to promote the capacity of energy regulators to play a leading role in protecting and advancing the energy sectors of their countries.

This guide was written by three leading cyber experts in the U.S. and the EU: 

• Stefano Bracco, Agency for the Cooperation of Energy Regulators (ACER)
• Frances Cleveland, Xanthus Consulting International, on behalf of the International Electrotechnical Commission (IEC) System Committee - Smart Energy - Cyber Security Task Force
• Tim Conway, SANS Institute

It was initially developed for regulators in Europe and Eurasia to reinforce their knowledge of practical cybersecurity solutions in the face of ongoing threats within the energy sector. However, the questions of how to evaluate risks, assess mitigation measures, and select standards are relevant for regulators around the world.

As cyber threats continue to evolve, energy regulators need to increase their technical capacities to be able to serve as leaders within their countries and promote coordination among governmental and non-governmental institutions. This guide provides a useful summary of international cyber standards so that regulators can have a starting point to more easily evaluate options for their national and/or regional contexts. 

You can access "The Utility Regulator's Role in Promoting Cybersecurity: Resilience, Risk Assessment, and Standards" here. The Russian version is also available here.