|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
CYBER RISK MANAGEMENT AND STRATEGY
BHE and its Subsidiary Registrants recognize that maintaining processes for identifying, assessing and managing cybersecurity threats is important in dealing with their significant business risks. As such, BHE has implemented a framework for cybersecurity and cyber-related information management across its businesses. BHE's Chief Security Office ("CSO") drives collective focus and central coordination of BHE's cyber and physical security programs. The CSO identifies the strategic framework that promotes standardization of business security policies and practices and provides direction in managing security risks. Although the CSO provides oversight, the businesses retain accountability for executing company security objectives, policies and practices within their areas of responsibility.
BHE manages cybersecurity threats through its proactive risk management program and cybersecurity awareness program. BHE's businesses are certified against the ISO 27001 standard. The standard is authored by the International Organization for Standardization ("ISO") of Geneva, Switzerland. To achieve the certification, each business must sustain an information security management system that includes a risk-based framework to identify and manage information security risks through a continuous improvement cycle. The risks and controls identified in the system must be approved by top management and confirmed through annual internal and external ISO audits prior to certification.
In addition, BHE's compliance requirements include the North American Electric Reliability Corporation Critical Infrastructure Protection Standards, the Transportation Security Administration Pipeline Security Directives and the United Kingdom Center for the Protection of National Infrastructure Standards as applicable to each of the companies. These requirements are audited and assessed as mandated by applicable government agencies.
Each Registrant relies on technology in virtually all aspects of its business. Like any business, the Registrants' technology systems are a target for cyber attacks. Each Registrant expects to be subject to attempted attacks in the future and will continue to adapt defensive capabilities as such attacks become more sophisticated and frequent. A significant disruption or failure of its technology systems by cyber or physical attack could result in service interruptions, safety failures, security events, regulatory compliance failures, an inability to protect information and assets against unauthorized users, and other operational difficulties. Attacks perpetrated against each Registrant's systems could result in loss of assets and critical information and expose it to remediation costs and reputational damage.
In certain circumstances, BHE relies on third-party service providers for a variety of products and services to run its information systems. This dependence exposes BHE, along with others who use these service providers, to the impact of a cyber attack on these providers. Cyber attacks at a third-party service provider could have a significant financial, operational, or reputational impact. BHE continuously monitors the risks associated with its service providers.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
BHE manages cybersecurity threats through its proactive risk management program and cybersecurity awareness program. BHE's businesses are certified against the ISO 27001 standard. The standard is authored by the International Organization for Standardization ("ISO") of Geneva, Switzerland. To achieve the certification, each business must sustain an information security management system that includes a risk-based framework to identify and manage information security risks through a continuous improvement cycle. The risks and controls identified in the system must be approved by top management and confirmed through annual internal and external ISO audits prior to certification.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
BHE's Board of Directors has delegated responsibility for oversight of BHE's cybersecurity risk management program to its Executive Committee, consisting of BHE's Chief Executive Officer, who is a management member of the BHE Board of Directors, and the BHE Chief Financial Officer and General Counsel, who are not management members of the BHE Board of Directors.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
BHE's Board of Directors has delegated responsibility for oversight of BHE's cybersecurity risk management program to its Executive Committee, consisting of BHE's Chief Executive Officer, who is a management member of the BHE Board of Directors, and the BHE Chief Financial Officer and General Counsel, who are not management members of the BHE Board of Directors.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
BHE's CSO is responsible for cyber and physical security across BHE and its Subsidiary Registrants. The CSO is responsible for identifying, assessing and managing cyber risk for BHE and its Subsidiary Registrants. The Executive Committee has evaluated the expertise of the CSO and determined that it possesses the knowledge and expertise necessary to oversee BHE's cybersecurity risk management processes.
The CSO provides, at least annually, updates to the Executive Committee on:
•Strategic cyber and physical security initiatives
•Current threat and risk landscape impacting the organization
•Security compliance with regulatory requirements
•Compliance with ISO 27001 framework
•Number and impact of incidents reported through the BHE cybersecurity incident reporting process
|Cybersecurity Risk Role of Management [Text Block]
|
BHE's CSO is responsible for cyber and physical security across BHE and its Subsidiary Registrants. The CSO is responsible for identifying, assessing and managing cyber risk for BHE and its Subsidiary Registrants. The Executive Committee has evaluated the expertise of the CSO and determined that it possesses the knowledge and expertise necessary to oversee BHE's cybersecurity risk management processes.
The CSO provides, at least annually, updates to the Executive Committee on:
•Strategic cyber and physical security initiatives
•Current threat and risk landscape impacting the organization
•Security compliance with regulatory requirements
•Compliance with ISO 27001 framework
•Number and impact of incidents reported through the BHE cybersecurity incident reporting process
BHE's Cybersecurity Reporting Framework enables BHE to use a repeatable and timely process to identify, assess and manage any security incidents for materiality reporting. Each BHE business is required to report significant cybersecurity events to BHE. The Executive Committee and CSO together review incident reports to determine whether a cyber incident report should be filed with the SEC.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|BHE's CSO is responsible for cyber and physical security across BHE and its Subsidiary Registrants. The CSO is responsible for identifying, assessing and managing cyber risk for BHE and its Subsidiary Registrants.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The Executive Committee has evaluated the expertise of the CSO and determined that it possesses the knowledge and expertise necessary to oversee BHE's cybersecurity risk management processes.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
The CSO provides, at least annually, updates to the Executive Committee on:
•Strategic cyber and physical security initiatives
•Current threat and risk landscape impacting the organization
•Security compliance with regulatory requirements
•Compliance with ISO 27001 framework
•Number and impact of incidents reported through the BHE cybersecurity incident reporting process
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef