- Cities and Utilities (1–2 points)
- Campuses (1 point)
- Transit (1 point)
To build public confidence in grid modernization by protecting customers’ private electricity usage data and protecting smart grid technologies from threats.
Develop a comprehensive policy on data privacy and cybersecurity. The policy must identify steps to ensure secure network operation and data integrity under future grid modernization.
OPTION 1. Cybersecurity (1 point)
Have in place at least three of the following policies and practices to address cybersecurity threats:
- Access control for all physical, wireless, and virtual access points, including physical protections and limited access to substations, routers, servers, firewalls, and bridges
- Data encryption
- Periodic security audits of access points and potential vulnerabilities
- Automatic breach detection
- Threat and vulnerability assessment and standard responses in case of breach
- Regular security awareness training for employees. The effectiveness of security awareness training must be reviewed at least once a year. Practical exercises may be included in the security awareness training that simulates actual cyber-attacks.
OPTION 2. Data privacy (Cities and Utilities only, 1 point)
Have in place policies and practices that ensure the integrity and confidentiality of data and customer choice in sharing data. Ensure information security at all interfaces, devices, and data operations. Meet at least two of the following measures for data privacy:
- Opt-out data-sharing policy for aggregated data that explicitly protects customer privacy and personally identifiable information
- Opt-in customer data-sharing agreement for personally identifiable information
- Separate communication pathways policy for sending data
© Copyright 2020 GBCI. All Rights Reserved.