Evaluating the Prudency of Cybersecurity Investments: Guidelines for Energy Regulators
The guidelines demonstrate the leadership of USAID and NARUC in empowering energy regulators to increase grid resilience by ensuring prudent and effective investments in cybersecurity by their regulated entities, and attempt to answer the following questions:
- Which regulatory frameworks are best suited to evaluate the prudency of cybersecurity expenditures?
- How can regulators identify and benchmark cybersecurity costs?
- How can regulators identify good countermeasures for cybersecurity?
- How can regulators assess the reasonableness of the costs associated with these countermeasures?
- Is it possible to evaluate the effectiveness of cybersecurity investments?
- Who should identify, benchmark, measure, and evaluate the countermeasures in different regulatory frameworks?
As power systems across the region continue to modernize, digitize, and integrate, they are increasingly exposed to additional vulnerabilities that can be exploited by cyberattacks. Attacks on the power grid can have devastating effects on a nation’s security, economy, and public welfare, and are a serious threat to all nations worldwide.
While these guidelines were developed for the Europe and Eurasia region, much of their content can be applied universally, and NARUC encourages U.S. regulators and others to look for applicability within their own contexts and environments.