Taking a Leadership Role on Cyber Security
At NextEra Energy, we employ many technologies to make our energy cleaner, affordable and highly reliable. Yet one of the greatest threats to our ability to deliver value for our customers, communities, employees, shareholders and our environment is the threat of a cyber-attack. While cyber security is not new, it is a rapidly evolving threat. To manage this threat we have implemented a multi-faceted strategy to protect the physical and informational assets that an attacker could target. Our intent is to preserve our ability to create and deliver value to our many stakeholders.
Our multi-faceted strategy is founded on:
- collaborating among peers, industry groups and oversight agencies to identify and share best practices, as well as benchmark performance;
- engaging with federal and state governments on information sharing; and
- continuously maturing internal organizational capabilities for cyber-attack prevention and response.
- Strategy in Motion - Managing Cyber Security
At NextEra Energy, we work closely with government regulators to discuss and address system vulnerabilities. This includes sharing information and working closely with the U.S. Department of Energy, U.S. Department of Homeland Security, the U.S. Congress, the White House and state governments. We also comply with all federal, state and local regulations that govern cyber security.
In addition to collaborating with these oversight agencies, we engage in a number of public- private partnerships to help strengthen our cyber security defenses.
We also utilize a wide-variety of cyber security frameworks, capability and maturity models, and best practice guidelines to help identify potential gaps and ways to remediate them.
To validate that our cyber security defenses are operating as intended, we continuously conduct external, third-party assessments to ensure that our various tools, processes and controls are operating effectively. These third-party experts continue to be instrumental in helping us gauge the overall effectiveness of our cyber security program.
Finally, we have taken steps within our company to minimize the possibility and potential impact of a cyber-attack by providing extensive training to our employees,by conducting cross-departmental drills, and by developing comprehensive response and restoration plans to ensure the ongoing resiliency of our systems.