The Public Power Cybersecurity Scorecard

What exactly is the Public Power Cybersecurity Scorecard?

The Public Power Cybersecurity Scorecard is an online tool consisting of 14 easy-to-understand cybersecurity-related questions that can be completed in under an hour. Public power utilities can use it to assess cyber risks, to benchmark their cybersecurity posture, to help plan improvements, and to assist in prioritizing investments.

How does a utility's score affect its RP3 and bond rating?

Improving the Cybersecurity Scorecard results ultimately means an improved Reliable Public Power Provider (RP3) rating. As part of the RP3 scoring criteria, there are points associated with cybersecurity: “Cybersecurity Policy or Procedure”, “Cybersecurity Awareness or Training”, and “Cybersecurity Vulnerability Assessments”. These are directly related to the Cybersecurity Scorecard questions; for example, “Question 4 – Vulnerability Management” maps to RP3’s “Cybersecurity Vulnerability Assessments”.

Mitigating the risks identified by the Scorecard and following its recommendations can earn the public power utility more points on the RP3 and help it achieve a higher RP3 designation, which could translate to improved bond ratings and savings on insurance.

In the fall of 2016, RP3 representatives from the American Public Power Association met with three key credit rating agencies: Fitch Group, Standard and Poor's Global Ratings, and Moody's Investors. These credit agencies evaluate a company’s market position, its financial position and performance, its governance and management, and its debt and capital plan.

But how can one measure governance? This is where RP3 comes in. Because RP3 involves a rigorous and comprehensive study of a public power utility, an RP3 designation helps demonstrate good governance and quality operations. When RP3 designees were compared against non-RP3 public power utilities, a higher percentage of RP3 designees showed strong credit ratings.1

On this note, a Joint Action Agency recently informed us that their bond rating was positively impacted because they had N-Sentinel Cybersecurity Monitoring in place and were actively using the system. See below how N-Sentinel can help in achieving these positive results.

How does N-Dimension’s N-Sentinel Managed Services Improve My Utility's Score on the Public Power Cybersecurity Scorecard?

N-Dimension’s N-Sentinel managed security services are designed specifically for utilities, delivering continuous cyber threat monitoring and comprehensive remediation guidance. With timely awareness and insights about cyber threats, along with actionable information and access to cybersecurity experts, customers can take action to protect their networks, data and assets from cyber risks. Utilities that use these systems and fix their issues have shown a 25% decrease in their cyber risk during the first 4 months and a 50% decrease in their cyber risk during the first year.

N-Sentinel Helps Address the Following Questions from the Cybersecurity Scorecard

Question 4 – Vulnerability Management
Both the N-Sentinel Monitoring and Vulnerability Assessment add-on programs provide information on vulnerabilities that are applicable to the N-Sentinel customer’s environment. With the Monitoring service, alerts detected by the N-Sentinel Monitoring sensor are reviewed and analyzed by cybersecurity experts, and recommendations are given based on their applicability to the utility.

With the Vulnerability Assessment service, customers can proactively scan systems in the network and obtain a report of the vulnerabilities found, which they can use to remedy potential sources of cybersecurity issues.

Question 5 – Threat Management
The N-Sentinel Monitoring service provides tools such as “Threat Insights”, where more information on particular threats can be found. Furthermore, the “Flash Alert” service notifies all customers when there is a potential or active cyber threat that could impact them.

Additionally, when N-Sentinel cybersecurity experts analyze a customer’s detected cyber threats, they correlate the cyber threats with different applicable threat intelligence to provide accurate and concise security information along with remediation steps.

Question 6 – Cyber Risk Management
The N-Sentinel Vulnerability Assessment service can identify and provide a comprehensive list of vulnerabilities along with recommendations. By combining this Vulnerability Assessment service with N-Sentinel Monitoring, a public power utility can identify whether a particular vulnerability has been exploited or targeted. With access to N-Sentinel security experts, a utility organization can further understand its cyber risks and get help in deciding whether to mitigate, accept, or transfer those risks.

Question 7 – Cyber Event Detection
The N-Sentinel Monitoring service has a customizable email alert notification system to report cybersecurity events to different designated parties. This flexibility allows a public power utility’s acting IT or information security personnel to act and respond to cybersecurity events more actively. N-Sentinel keeps all detected cybersecurity incident alert logs along with their associated security concerns and remediation workflow tickets, which facilitates alert tracking and remediation tracking.

Question 8 – Cyber Incident Response
With the N-Sentinel Monitoring service, all detected cybersecurity incident alerts and the security concerns created from the N-Sentinel cybersecurity experts' analysis are logged. These, along with the interaction with our cybersecurity team and the progress made to remediate the security concerns, can be tracked from our centralized customer portal.

Additionally, customers have made us part of their cybersecurity incident response plan and incident response team because of their ability to access N-Sentinel cybersecurity experts. The cybersecurity experts can analyze past data to help with the fix, including stepping the on-site IT person through the process. If the incident is a major issue, a Flash Alert will be generated about the cyber incident and sent to all the N-Sentinel Monitoring customers with the customer’s identity protected.

Question 10 – Monitoring Cyber System Activity
The N-Sentinel Monitoring service watches for network security incidents on a 24x7 basis, alerting the customer when a cybersecurity intrusion or incident is detected. Detected cybersecurity incidents are then reviewed and analyzed by N-Sentinel cybersecurity experts. This helps drastically improve the N-Sentinel customer’s cybersecurity posture and its score on the Cybersecurity Scorecard.

Question 11 – Cyber Threat and Event Information Sharing
As part of N-Sentinel, N-Sentinel Community reports (e.g. for a specific joint-action agency (JAA) community or specific state communities) are created using anonymized information. These, in addition to the Flash Alerts that are sent when an event or cyber threat occurs, provide a comprehensive threat and event information sharing platform.
