While the implementation of cybersecurity measures is typically the responsibility of power system operators, regulators have an obligation to ensure that investments made in the name of cybersecurity are reasonable, prudent, and effective. USAID jointly with its implementing partner NARUC developed a first-of-its-kind guidelines on Evaluating the Prudency of Cybersecurity Investments. These guidelines are intended to assist regulators in defining tariffs by establishing a regulatory approach to enhance the cybersecurity stance of their power systems, and are based on literature and current practices. They attempt to answer the following questions:
How should the regulators and the companies interact in establishing a global cybersecurity strategy for the country?
Who should identify, benchmark, measure, and evaluate the countermeasures in different regulatory frameworks?
How can regulators identify and benchmark cybersecurity costs?
Is it possible to evaluate the effectiveness of cybersecurity investments?