DOE Inspector General Slams NERC CIPs and NERC CIP Process

The U.S. Department of Energy Office of Inspector General Office of Audits and Inspections issued the following report: Audit Report -Federal Energy Regulatory Commission's Monitoring of Power Grid Cyber Security (DOE/IG-0846) dated January 2011. It is an absolute damming report of the NERC CIPs, the NERC CIP process, and the enforcement of the standards. I will leave it to the readers to go through it.  The report leaves little doubt that NERC can improve the process enough to drive protection of the grid in the next five years if they really wanted. However, the direction NERC is moving (Version 4) is the wrong direction. Any doubt where this is going? 

Joe Weiss

Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.


  • <p> ELECTRICITY GRID MODERNIZATION  Progress Being Made on Cybersecurity Guidelines, but Key Challenges Remain to be Addressed </p> <p> Highlights (in my own interpretation) if not obvious are things most folks can agree on: </p> <p> • Regulatory environment – uncertainty of cost recovery for cyber security investments</p> <p>• Security requirements are inherently incomplete – approaching cyber security as a compliance problem is flawed</p> <p>• information regarding cyber incidents (including unsuccessful attacks) must be shared in a safe way to avoid publicly revealing the organization and penalizing entities actively engaged in corrective action</p> <p>• Lack of consumer awareness – limits the extent to which consumers are willing to pay for more secure and reliable systems</p> <p>• There is a lack of security features being built into certain smart grid systems.</p> <p>• The industry does not have metrics for evaluating cyber security.</p> <p>   </p>


  • <p>Joe - My reading of the report is quite different. It is an analysis of FERC's performance and while FERC and the auditor disagree on FERC's performance, they agree that FERC needs more authority. Expect this report to be sent to the Congressional committees. I blogged on this <a href=""></a></p> <p>I'll agree that there are comments and mentions of the problems with the NERC CIP in the report, but that is not the main course in this report.</p> <p>Dale Peterson</p> <p>Digital Bond, Inc. </p> <p> </p>


RSS feed for comments on this page | RSS feed for all comments