An Update for SIA Members From the Utilities Advisory Board

By Joey St Jacques, Chair, SIA Utilities Advisory Board on October 10, 2025 |

What the SIA Utilities Advisory Board Has Been Producing for You

Joey St. Jacques, Chair, SIA Utilities Advisory Board
Joey St. Jacques is chair of the SIA Utilities Advisory Board and a security solutions representative, critical infrastructure, at Chubb Fire & Security Canada.

The Security Industry Association (SIA) Utilities Advisory Board serves as a leader in compliance and technology topics for security professionals operating within utility facilities. We are dedicated to developing recommendations and guidance for the physical security and cybersecurity of utilities infrastructure. Our work also includes providing additional support to security rules proposed by regulatory agencies, fostering knowledge exchange with related industries and creating content for SIA events and publications.

Our accomplishments include the developing the Security Cornerstones module on critical infrastructure security, hosting Protecting Utilities Lunch events each year at ISC West and ISC East and delivering practical education through our six-session SIAcademy LIVE! course on securing utilities and the energy sector. Furthermore, our Guide to NERC CIP Compliance has become an essential industry resource.

The advisory board’s upcoming projects will address key challenges in utility security, focusing on insider threat guidelines for the utility sector, physical and cybersecurity convergence guidance and protecting artificial intelligence (AI) data centers. We also plan to explore AI applications in compliance-driven sectors while advancing governance, risk and compliance in both physical security and cybersecurity.

The utility sector is currently navigating an evolving threat landscape, marked by a significant increase in ransomware attacks and multiple reported insider threats, underscoring the importance of our forthcoming insider threat guidelines. There has also been a dramatic surge in Internet of Things malware attacks affecting connected devices in utility operations. And nation-state actors are intensifying cyber espionage, incorporating AI into their tactics.

While cybersecurity initiatives understandably receive significant attention and investment, physical security requirements form the cornerstone of effective infrastructure protection strategies. Physical security controls serve as critical barriers against unauthorized facility access, equipment manipulation and sophisticated multivector attacks that exploit both digital and physical vulnerabilities.

The integration of cyber and physical attack methodologies has become increasingly common among advanced threat actors, who recognize that compromising physical security can bypass even the most robust cybersecurity defenses. These coordinated campaigns often begin with physical reconnaissance and facility infiltration before progressing to network compromise and operational disruption.

Our comprehensive Guide to NERC CIP Compliance provides detailed analysis of CIP-014 physical security requirements. This critical standard mandates comprehensive physical security risk assessments designed to identify and protect high-consequence transmission stations, substations and primary control centers from physical attacks capable of triggering widespread grid instability, uncontrolled system separation or catastrophic cascading failures across interconnected networks.

The standard recognizes that no single security measure provides complete protection against a determined adversary, requiring integrated security systems that create multiple obstacles for potential attackers while providing security personnel with enhanced situational awareness and response capabilities. The effectiveness of these measures depends on proper implementation, regular testing and continuous adaptation to evolving threat landscapes and attack methodologies.

These developments underscore the increasing importance of our advisory board’s work. The convergence of AI-driven energy demands, stricter regulatory requirements and evolving threat landscapes necessitates the proactive and comprehensive security guidance that we are committed to providing. We encourage your continued engagement with our work, participation in our events and contributions of your insights as we collectively address these critical initiatives.

Thank you for your commitment to excellence in utility security.

The views and opinions expressed in guest posts and/or profiles are those of the authors or sources and do not necessarily reflect the official policy or position of the Security Industry Association.