TN Utilities Mandate Cyber Security Program
- 3/9/2023 7:00 am
The Tennessee State Legislature enacted an amendment to TCA Code Annotated, Title 7, Chapter 51 – Consolidated Governments and Local Governmental Functions and Entities. This amendment affects certain municipal utilities in Tennessee and has an implementation mandate of July 1, 2023.
Public utilities that provide electric, water, wastewater or natural gas services will now be required to prepare and implement a cyber security plan to provide for the protection of the utilities’ facilities from unauthorized use, alteration, ransom or destruction of electronic data. In addition, the amendment requires utilities to assess and update the cyber security plan every two years to address new threats.
A cyber security plan specifies the security policies, procedures and controls required to protect an organization against threats and risk. It can also outline the specific steps to take for responding to a breach. It should include day-to-day policies, measures and protocols for managing specific situations.
A well-developed cyber security plan includes the following:
- Security Risk Assessment
- Security Goals
- Evaluation of Technology
- Security Framework
- Security Policies
- Risk Management Plan
- Implementation of a Security Strategy
- Evaluation of the Security Strategy
Even if your entity does not provide utility services, there are several basic cyber security practices that are highly recommended, which include:
- Backup of Data
- Cyber Security Awareness Training
- Patch Management
- Discontinuing End-of-Life Software
- Firewall Management
- Security Gap Audit or Analysis
- Multifactor Authentication
Public Entity Partners offers Privacy and Network Liability Coverage to its members. This coverage provides protection for third-party actions against members related to the failure to properly protect confidential information, or the failure of network security that results in a breach. It also includes the Data Breach Fund Coverage, which provides coverage for first-party expenses related to an information breach. In addition, PEP offers the Cyber Extension option, which expands the Data Breach Fund sublimit to include ransomware and social engineering coverage.
Categories
-
Annual Report
(5)
-
Audit Requests
(2)
-
Board of Directors
(12)
-
Claims
(25)
-
Cyber Extension
(4)
-
Cyber Security
(27)
-
Dividend
(6)
-
EHS Hero & HR Hero
(13)
-
Employment Practices Liability
(26)
-
Excellence In Risk Management Awards
(17)
-
Fireworks
(1)
-
First Responders
(9)
-
GatherGuard
(1)
-
Grants
(18)
-
Law Enforcement
(16)
-
Local Government Risk Academy
(4)
-
Loss Control
(96)
-
Member Services
(9)
-
Message From the President
(16)
-
MTAS
(10)
-
Municipal Sewer System
(4)
-
Partnering for Success Webinar Series
(23)
-
PEP Staff
(29)
-
Qualified Immunity
(3)
-
Risk & Insurance Symposium
(33)
-
Safety Program
(56)
-
Scholarships
(15)
-
Social Media
(2)
-
Training
(66)
-
Underwriting
(29)
-
Workers' Compensation
(27)
- Annual Report (5)
- Audit Requests (2)
- Board of Directors (12)
- Claims (25)
- Cyber Extension (4)
- Cyber Security (27)
- Dividend (6)
- EHS Hero & HR Hero (13)
- Employment Practices Liability (26)
- Excellence In Risk Management Awards (17)
- Fireworks (1)
- First Responders (9)
- GatherGuard (1)
- Grants (18)
- Law Enforcement (16)
- Local Government Risk Academy (4)
- Loss Control (96)
- Member Services (9)
- Message From the President (16)
- MTAS (10)
- Municipal Sewer System (4)
- Partnering for Success Webinar Series (23)
- PEP Staff (29)
- Qualified Immunity (3)
- Risk & Insurance Symposium (33)
- Safety Program (56)
- Scholarships (15)
- Social Media (2)
- Training (66)
- Underwriting (29)
- Workers' Compensation (27)