TL;DR: The Security Industry Association named Alert Enterprise founder Jasvir Gill vice chair of its Utilities Advisory Board, a move tied to utility security guidance on cyber-physical convergence, regulatory responses, and practitioner education for critical infrastructure, according to AlertEnterprise. The governance signal matters because utility security now sits at the intersection of physical protection, cybersecurity, and compliance, where identity, privilege, and operational resilience all overlap.
At a glance
What this is: SIA has named Jasvir Gill vice chair of its Utilities Advisory Board, with the board focused on utility security guidance, regulatory responses, and education.
Why it matters: This matters because utility programmes have to coordinate physical security, cyber controls, and identity governance across operational environments where access failures can create real-world impact.
👉 Read AlertEnterprise's coverage of the SIA Utilities Advisory Board leadership change
Context
Utility security is no longer just a physical protection problem or a cybersecurity problem. It is a cyber-physical governance issue where access, monitoring, and compliance have to work across facilities, operational systems, and people who manage them. For identity and security teams, that means privileged access, authentication, and lifecycle controls become part of resilience planning, not just IT hygiene.
The SIA Utilities Advisory Board sits in that overlap, producing guidance for security rules, educational content, and compliance responses for utility environments. That makes the appointment relevant not because of the individual alone, but because it signals continued attention on how critical infrastructure programmes translate governance into operational practice.
Key questions
Q: How should utilities govern privileged access across cyber-physical environments?
A: Utilities should govern privileged access as a lifecycle problem, not a one-time approval. Every account that can touch operational systems, facilities, or remote support paths needs a named owner, a narrow purpose, and automatic expiry where possible. Shared accounts and open-ended vendor access should be treated as exceptions that require compensating controls and periodic revalidation.
Q: Why do utility environments create higher identity risk than standard enterprise IT?
A: Utility environments blend operational continuity, emergency access, physical security, and external maintenance, which makes identity boundaries harder to enforce. The same account may need to support routine work one day and emergency response the next. That complexity increases the chance of standing privilege, incomplete offboarding, and access that outlives its purpose.
Q: What do security teams get wrong about cyber-physical convergence?
A: Teams often assume existing IAM controls can be reused without adjustment. In practice, utility environments require tighter separation of duties, more explicit approval paths, and stronger evidence of who accessed what, when, and for which task. If cyber and physical controls are managed separately, the organisation can miss the combined risk.
Q: Who is accountable when utility access controls fail?
A: Accountability should sit with the operational owner of the system, the identity team that provisions access, and the third party if outsourced support is involved. Frameworks such as NIST CSF 2.0 and ISO/IEC 27001:2022 work best when they define responsibilities clearly and tie them to measurable review points.
Technical breakdown
Cyber-physical convergence in utility security
Cyber-physical convergence means the security function has to treat digital access and physical protection as one operating surface. In utilities, that includes badge access, control systems, remote administration, field devices, and the identity controls that govern who can touch them. The challenge is not only attack prevention but also continuity, because a failed control in one domain can cascade into the other. Practical frameworks such as NIST Cybersecurity Framework 2.0 and ISO/IEC 27001:2022 help organisations align governance, technical controls, and response expectations across both environments.
Practical implication: map physical and cyber access paths together, then review where identity controls fail to cover operational technology and facility access.
Why identity governance matters in critical infrastructure
Identity governance becomes central when remote access, third-party support, and privileged maintenance are unavoidable. Utilities often rely on shared service access, vendor access windows, and tightly scheduled work, which makes standing privilege and incomplete offboarding especially risky. The issue is not abstract: if the same identity model is used for office IT and operational environments, control gaps appear at the boundary. This is where NIST SP 800-53 Rev 5 access control and identification controls, along with NHI governance concepts, become directly relevant to resilience planning.
Practical implication: tighten account lifecycle, privilege review, and offboarding processes for every identity that can reach operational systems.
Compliance guidance must reflect utility operating reality
Compliance in utilities is not just about documentation. Regulatory responses need to reflect how teams actually operate under maintenance windows, emergency conditions, and vendor dependency. That is why advisory boards matter: they shape how requirements are translated into training, guidance, and measurable controls. The useful question for practitioners is whether policy language can survive real operational constraints without creating either blind spots or workarounds. NIST CSF 2.0 and ISO/IEC 27001:2022 are most useful when they are applied as operating models, not as paperwork exercises.
Practical implication: test whether your compliance controls still work during outages, emergency access, and vendor-supported maintenance.
Threat narrative
Attacker objective: The attacker aims to gain trusted access that can influence utility operations, not just steal data.
- Entry occurs through legitimate utility access paths that are often shared between internal teams and external maintainers.
- Escalation follows when access is broader than the task requires, allowing a low-friction move from routine administration into high-value operational functions.
- Impact appears when cyber access, physical access, or both are used to disrupt operations, alter systems, or reduce confidence in critical infrastructure resilience.
Breaches seen in the wild
- Coupang Signing Key Breach — Unrevoked signing key credentials expose 33.7 million records after employee offboarding failure at Coupang.
- Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Utilities security is becoming an identity governance problem, not just a perimeter problem. Critical infrastructure depends on remote administration, vendor access, emergency access, and maintenance workflows, all of which create identity risk when they are not governed lifecycle by lifecycle. That makes privileged access, offboarding, and auditability part of operational resilience. Practitioners should treat utility access governance as a core control plane, not a side process.
Cyber-physical convergence creates a control gap where legacy IAM assumptions break down. Traditional enterprise IAM often assumes fixed users, stable roles, and predictable business hours. Utilities do not operate that way, especially when systems span field operations, facilities, and control environments. The field needs governance patterns that account for time-bound access, environmental separation, and stronger accountability for every non-human or third-party identity involved.
Standing access in critical infrastructure is the named failure mode here: the most dangerous assumption is that utility identities remain safe simply because they are familiar and well-established. In practice, long-lived access, incomplete offboarding, and shared operational accounts create a persistent exposure window. The practitioner conclusion is straightforward: eliminate standing privilege wherever operations allow it, and make every exception visible and time-bound.
Advisory boards matter because they shape how compliance becomes operational guidance. The utility sector needs controls that can be explained to operators, auditors, and regulators in the same language. That means the real value of industry guidance is not the paper itself, but whether it drives repeatable access decisions, better training, and clearer escalation paths. Practitioners should look for governance that changes behaviour, not just policy wording.
What this signals
Utility operators should expect more scrutiny of identity and access governance as cyber-physical risk becomes a board-level topic. The practical shift is toward proving that access is time-bound, reviewable, and separated by function, especially where vendors and contractors support operational systems.
cyber-physical identity sprawl: this is the condition where physical, operational, and digital access paths accumulate faster than governance can classify them. For utility programmes, the answer is not more paperwork but tighter lifecycle controls, better exception handling, and clearer ownership across the environment.
For practitioners
- Review utility privileged access paths end to end Inventory every account that can reach operational technology, facility systems, or third-party support channels, then classify which ones are truly time-bound versus standing.
- Separate facility access from administrative access Do not let the same identity model govern physical entry, remote administration, and vendor support without explicit policy separation and approval boundaries.
- Time-box emergency and maintenance credentials Use just-in-time approval for emergency access and require automatic expiry after the work window closes, including for vendor-connected sessions.
- Test offboarding against operational dependencies Verify that account removal covers contractors, integrators, and retired support paths that still have latent access to utility environments.
- Align audit evidence with real operating conditions Capture evidence for access reviews, emergency use, and maintenance exceptions in a format that matches how utilities actually run during outages and scheduled work.
Key takeaways
- Utility security is now an identity and access governance problem as much as it is a physical security problem.
- The key risk pattern is standing access across cyber-physical systems, especially where vendors and emergency users remain active longer than intended.
- Practitioners should focus on time-bounded privilege, offboarding discipline, and evidence that survives real operating conditions.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
MITRE ATT&CK address the attack surface, NIST CSF 2.0 and NIST SP 800-53 Rev 5 set the technical controls, and ISO/IEC 27001:2022 define the regulatory obligations.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-4 | Utility access governance and least privilege are central to this article. |
| NIST SP 800-53 Rev 5 | AC-6 | Least privilege is directly relevant to privileged utility access and maintenance workflows. |
| ISO/IEC 27001:2022 | A.5.15 | Access control governs how utility identities are granted and reviewed. |
| MITRE ATT&CK | TA0004 , Privilege Escalation; TA0008 , Lateral Movement | The threat narrative centers on access expansion across operational environments. |
Review utility identities against PR.AC-4 and reduce standing access to task-bound privilege.
Key terms
- Cyber-Physical Convergence: The point where digital security and physical security operate on the same risk surface. In utilities, that includes remote administration, facility access, operational systems, and the identity controls that connect them. Governance has to cover both domains together or gaps will appear at the boundary.
- Standing Privilege: Standing privilege is access that remains active even when no immediate task requires it. For NHI programmes, it is a common failure mode because long-lived credentials and persistent roles create unnecessary exposure. Reducing standing privilege usually means tighter expiry, on-demand access, and clearer review of who or what still needs access.
- Time-Bound Access: Time-bound access is a control pattern that grants permissions for a defined window and removes them automatically when the window ends. It is a practical least-privilege mechanism for cloud operations and NHI governance because it reduces how long elevated access can be abused.
What's in the full analysis
AlertEnterprise's full article covers the operational detail this post intentionally leaves for the source:
- Background on the SIA Utilities Advisory Board's current initiatives and educational agenda.
- Direct quotes and commentary from the board leadership on utility security priorities.
- Details on how the board's guidance work connects to regulatory responses and industry education.
- Examples of the board's events, courses, and publication work for utility practitioners.
Deepen your knowledge
The NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, machine identity security, and secrets management. It is designed for practitioners who need to translate identity control into operational security outcomes.
Published by the NHIMG editorial team on July 14, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org