Information technology is an indispensable tool for efficiently and reliably operating the increasingly complex regional power system, administering the billion-dollar markets where wholesale electricity is bought and sold in New England, and engaging and collaborating with our stakeholders.
Today, the energy sector faces significant risk of attempted cyberattack, both from nation state adversaries seeking to cause disruption and e-criminals focused on financial gain. 91³Ô¹ÏÍø is committed to making sure power grid and market operations remain secure.
We continuously review and improve cyber operations to keep pace with digital threats. Our cybersecurity analysts regularly participate in simulated cyberattack response training together with Control Room operators and Local Control Center cyber responders across New England. Our extensive process controls, advanced detection and response systems, and redundancy in systems and control centers help us detect, respond to, and recover from any cyberattacks.
In addition, we maintain the highest standard of security controls for cyber assets and visitors to ISO facilities, in compliance with North American Electric Reliability Corporation (NERC) revised critical infrastructure protection (CIP) cybersecurity standards.
A wide range of resources, procedures, and standards helps us protect our cyber assets:
Our highly specialized Cyber Security Operations Center provides round-the-clock monitoring of the ISO technology network and defends our technical infrastructure from cyberattack.
A CIP and Systems Compliance Operations Group provides day-to-day support of highly complex infrastructure and cybersecurity compliance functions required by NERC CIP Version 5, a comprehensive set of cybersecurity standards for the bulk electric system.
We participate in NERC GridEx exercises, the largest grid security exercise in North America. Held every two years, GridEx provides an opportunity for member organizations to practice how they would respond to and recover from coordinated cyber and physical security threats and incidents.
Our third-party cybersecurity risk management program complies with CIP standard (CIP-013) related to Supply Chain Cyber Security Risk.
Our Identity and Access Management system tracks physical and electronic access to systems and applications, including cloud-service access tracking, privileged access management, automated implementation of accounts, and enhanced reporting to address NERC CIP compliance objectives.
A prominent corporate objective requires all ISO employees to participate in annual cybersecurity training. Employees are also trained annually in maintaining physical security; together, these interconnected programs help keep our campuses and assets safe.
