Reader Feedback: NERC CIP Does Make the Grid Safer

Reader says "NERC CIP does not make the grid more secure or reliable."

By Gregory Bryant

In response to Joe Weiss' blog post of Jan. 19, I totally disagree about NERC CIP not making the grid more secure or reliable. Just a few reasons. I have seen where control systems were operated without malware and ultimately became infected. At least NERC CIP forces utilities to adopt best operating practices for cybersecurity. I know there are a lot of the rules that don't seem to make sense, but they are many times a compromise on what is practical. Control systems are not always patched as recommended by Microsoft. NERC CIP pushes the utility to patch as regularly as practical. Even the vendors of control systems have had to learn their systems better as they are pressed by their customers to document the used ports and services and pare down the unused. Changing passwords and disabling default accounts are but a few of the many best practices that are being pushed by NERC CIP. It is truly my belief that if not pushed by NERC CIP, many utility companies would not adopt best practices and would be very vulnerable and insecure. The rules and regulations are not perfect, but as with any law or rule, it is a compromise. The only way I see that NERC CIP does not make the grid more secure and reliable is if the rules are not followed or [if they are] circumvented.

Gregory Bryant
Duke Energy
gregory.bryant@duke-energy.com

Did you enjoy reading our content?

Did you enjoy reading our content?  Subscribe to our newsletters and  receive all our news in your inbox.

Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.

Comments

No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments