TL;DR: The Security Industry Association named Alert Enterprise founder Jasvir Gill vice chair of its Utilities Advisory Board, a move tied to utility security guidance on cyber-physical convergence, regulatory responses, and practitioner education for critical infrastructure, according to AlertEnterprise. The governance signal matters because utility security now sits at the intersection of physical protection, cybersecurity, and compliance, where identity, privilege, and operational resilience all overlap.
NHIMG editorial — based on content published by AlertEnterprise: SIA Utilities Advisory Board leadership update
Questions worth separating out
Q: How should utilities govern privileged access across cyber-physical environments?
A: Utilities should govern privileged access as a lifecycle problem, not a one-time approval.
Q: Why do utility environments create higher identity risk than standard enterprise IT?
A: Utility environments blend operational continuity, emergency access, physical security, and external maintenance, which makes identity boundaries harder to enforce.
Q: What do security teams get wrong about cyber-physical convergence?
A: Teams often assume existing IAM controls can be reused without adjustment.
Practitioner guidance
- Review utility privileged access paths end to end Inventory every account that can reach operational technology, facility systems, or third-party support channels, then classify which ones are truly time-bound versus standing.
- Separate facility access from administrative access Do not let the same identity model govern physical entry, remote administration, and vendor support without explicit policy separation and approval boundaries.
- Time-box emergency and maintenance credentials Use just-in-time approval for emergency access and require automatic expiry after the work window closes, including for vendor-connected sessions.
What's in the full analysis
AlertEnterprise's full article covers the operational detail this post intentionally leaves for the source:
- Background on the SIA Utilities Advisory Board's current initiatives and educational agenda.
- Direct quotes and commentary from the board leadership on utility security priorities.
- Details on how the board's guidance work connects to regulatory responses and industry education.
- Examples of the board's events, courses, and publication work for utility practitioners.
👉 Read AlertEnterprise's coverage of the SIA Utilities Advisory Board leadership change →
Utilities cyber-physical security governance: what changes for practitioners?
Explore further
Utilities security is becoming an identity governance problem, not just a perimeter problem. Critical infrastructure depends on remote administration, vendor access, emergency access, and maintenance workflows, all of which create identity risk when they are not governed lifecycle by lifecycle. That makes privileged access, offboarding, and auditability part of operational resilience. Practitioners should treat utility access governance as a core control plane, not a side process.
A question worth separating out:
Q: Who is accountable when utility access controls fail?
A: Accountability should sit with the operational owner of the system, the identity team that provisions access, and the third party if outsourced support is involved. Frameworks such as NIST CSF 2.0 and ISO/IEC 27001:2022 work best when they define responsibilities clearly and tie them to measurable review points.
👉 Read our full editorial: SIA utilities board leadership underscores critical infrastructure security