What We Do

Cybersecurity to Protect the Grid and Marketplace

Information technology has become an indispensable tool for efficiently and reliably operating the increasingly complex regional power system, administering the billion-dollar markets where wholesale electricity is bought and sold in New England, and engaging and collaborating with our stakeholders.

Today, the energy sector faces significant risk of attempted cyberintrusion. ISO New England is committed to making sure power grid and market operations remain secure and will continue to build on our already extensive process controls, advanced detection and response systems, and redundancy in systems and control centers. These help us detect, respond to, and recover from any cyberattacks, as well as to comply with mandatory standards. For example:

Our 24/7 Security Operations Center provides round-the-clock monitoring of the ISO technology network, and in the past few years we have tightened access to networked services and systems.
We’ve tightened security controls for cyberassets and visitors to ISO facilities, in compliance with North American Electric Reliability Corporation (NERC) revised critical infrastructure protection (CIP) cybersecurity standards.
A CIP and Systems Compliance Operations Group was formed to, among other things, provide day-to-day support of highly complex infrastructure and cybersecurity compliance functions required by NERC CIP Version 5. Compliance requires complex activities to be performed continually, even daily. One of the largest sub-requirements requires around 125,000 items to be checked for CIPv5 compliance every 35 calendar days. A number of new CIP standards are expected in the coming years.
FERC Order 848 requires NERC to update the CIP standard for cybersecurity incident reporting (CIP-008), which will require the ISO to update practices and procedures associated with cybersecurity event investigations and incident investigation and reporting.
We participate in NERC GridEx exercises on cybersecurity and physical security, and conduct annual training for all ISO employees. In 2017, more than 70 employees participated in GridEx IV; we will take part in GridEx V in 2019.
During 2019, we will be developing and implementing a third-party cybersecurity risk management program that will include compliance with the new CIP standard (CIP-013) related to Supply Chain Cyber Security Risk.
During 2019-2020, we will be replacing our 14-year-old system for modeling and tracking physical and electronic access to systems and applications. The new Identity and Access Management system will add cloud-service access tracking, privileged access management, automated implementation of accounts, and enhanced reporting to address NERC CIP compliance objectives.
A prominent corporate objective requires all ISO employees participate in annual cybersecurity training.

Read about how we’re using sophisticated systems to innovate for New England.

What We Do

Regional Electricity Outlook

Corporate Governance

Key Grid and Market Stats

Government and Industry Affairs

News and Media

Careers at ISO New England

Contact the ISO

Applications and Status Changes

Participant and Asset Listings

Training

Support

Governing Agreements

Rules and Procedures

Regulatory Filings and Orders

Participants Committee and Working Groups

Markets Committee and Working Groups

Transmission Committee and Working Groups

Reliability Committee and Working Groups

Planning Committees

Industry Collaborations

Inactive Committees

Key Projects

Plans and Studies

System Forecasting

Interconnection Service

Transmission Planning

Key Study Areas

Planning Models and Data

ISO Express

Markets Data and Information

Power System Forecast and Status

Market Performance

Market Monitoring and Mitigation

Market Development

Settlements and Billing

Transmission Operations and Services

Cybersecurity to Protect the Grid and Marketplace