The electric utility industry needs to address all of their critical assets

April 9, 2009

Tuesday was an interesting day. Mike Assante, NERC’s Vice President and Chief Security Officer, issued a letter on the status of CIP-002 – Critical Asset Identification.
http://www.nerc.com/fileUploads/File/News/CIP-002-Identification-Letter-040709.pdf

"

Tuesday was an interesting day. Mike Assante, NERC’s Vice President and Chief Security Officer, issued a letter on the status of CIP-002 – Critical Asset Identification.
http://www.nerc.com/fileUploads/File/News/CIP-002-Identification-Letter-040709.pdf
It is a scathing indictment of the electric industry. Concurrently, the Wall Street Journal ran a story about hacking of the electric grid. I want to focus on what I consider to be the more important issue: Mike's letter.

The two points to remember are that the NERC CIPs are meant to maintain bulk electric grid reliability, and that they are specifically for cyber security. Mike very aptly points out that cyber security follows the "weakest link in the chain" principle, so excluding so many assets precludes an adequate cyber assessment of the system. The electric utilities have used NERC CIP-002 to minimize their self-designated critical assets. Since CIP-002 is the funnel for the rest of the CIP cyber security standards, assets self-designated as non-critical require no further cyber security review. What is clear from Mike's letter is that far too many utilities do not view securing their electric assets as important; it is compliance for compliance's sake.

Additionally, what is not in Mike's assessment is that some utilities are actually reducing grid reliability by removing black start capability and pulling IP connections in order to avoid the NERC CIPs, and most utilities that have not self-designated critical generation assets are also not addressing Aurora.
There are now two other very important programs that are looking to hang their hats on the NERC CIPs:
- Nuclear plant continuity of power
- Smart Grid
Both of these functional areas are explicitly excluded from the current version of the NERC CIPs. If they are to be included, as FERC is proposing in Order 706B for nuclear and in the Smart Grid Policy for Smart Grid, the NERC CIPs need to be modified to remove these exclusions. Consequently, removing CIP-002 will enable the CIP standards to become much closer to the NIST standards and prudent engineering.

This country is suffering immensely from the self-regulation of the financial industry; we cannot afford to let our critical infrastructures suffer the same fate.
Joe Weiss