Per NERC Critical Infrastructure Protection Committee (CIPC) commitments, the NERC Control System Security Working Group (CSSWG) is updating a series of control system guidelines. One set of guidelines addresses the electronic connectivity between control systems and business networks.
NERC just issued their 2008 Annual Report. Enclosed is my objective look at NERC’s 2008 accomplishments for critical infrastructure protection (CIP). The President’s Report: “The bulk power system is only as strong as its weakest link”"
Tuesday was an interesting day. Mike Assante, NERC’s Vice President and Chief Security Officer, issued a letter on the status of CIP-002 – Critical Asset Identification. http://www.nerc.com/fileUploads/File/News/CIP-002-Identification-Letter-040709.pdf
The NERC CIPs were drafted from a compliance rather than security perspective. Consequently, this has led to unintended consequences to both cyber security and grid reliability. I want to focus on limitations of the NERC CIPs and how it is contributing to the lack of cyber security, and worse, reducing...