Cybersecurity has emerged as a major issue for utilities. Utilities today are facing more complexity in capturing, managing and protecting critical infrastructure and business systems from high-tech attacks and data theft. Smart grid, smart meters and other advanced operational technologies, while offering substantial benefits, also result in additional interdependencies and potential key vulnerabilities.

Controls Framework Program

Black & Veatch is coordinating with the Tennessee Valley Authority’s (TVA) Enterprise Information Security and Policy (EISP) group and all of TVA’s business units to support them in the assessment, development and implementation of their unified controls framework program. The program includes TVA’s nuclear, generation, transmission, hydro and river operations. All parties are working in coordination with the Critical Infrastructure Protection (CIP) standards developed by the North American Electric Reliability Corporation (NERC), a protocol known as NERC-CIP.

In addition, the startup of Watts Bar Unit 2 nuclear reactor, located near Spring City, Tennessee, has necessitated that TVA be on an accelerated schedule for implementing its nuclear cybersecurity program. TVA’s goal is to have a robust cybersecurity program, which meets Nuclear Regulatory Commission (NRC) and Federal Information Security Management Act (FISMA) regulations.

“TVA was looking for a company to bridge the gap between technology, security and the utility operation. Black & Veatch brought to the table a blend of professionals that have been in the operating environment, but at the same time understand the regulatory world we’re living in and the controls and implications that come with that, and being able to apply that to our business. TVA is in a unique situation in that we’re a federal corporation and we’ve got an opportunity to set a standard for the industry and lead the way. We brought in Black & Veatch to help achieve that vision of making us the industry standard.”

James W. Sample, Director, EISP, TVA