This document is intended to help cooperatives develop a cyber-security plan for general business purposes, not to address any specific current or potential regulations. Its foundation is the National Institute of Standards and Technology Interagency Report 7628 (NIST-IR 7628), which is a survey of standards and related security considerations for the smart grid. NIST-IR 7628 does not establish regulations, but is a forward-looking document outlining a strategy for improving smart grid interoperability and security. Independent of this document, co-ops should understand what regulations, if any, pertain to them. A plan as addressed here is not required and development of a plan is not a substitute for, nor guarantee of compliance with any standards. Conversely, real security requires more than simply compliance with rules – the organization must embrace security as a basic requirement of business operations and develop a broad understanding of security.
This guide helps cooperatives think about security in a systematic way, consistent with the current Federal thinking. The basic concept is not “do this and you are secure” but a commitment to a process of continuous improvement.