NERC CIPS and Keeping Lights On – are they the same?

Aug. 20, 2014

August 19th, I spent a day with the NERC Critical Infrastructure Protection (CIP) Version 5 Drafting team working on one of the NERC CIP Standards. The focus was on boundary protection, not on the actual control system devices and serial communications which were explicitly excluded. What do they think the hackers will do or do they even care?

The vulnerabilities that could lead to major equipment damage and associated extended outages because of design features in the control system devices such as Stuxnet, system vulnerabilities such as Aurora, or measurement vulnerabilities such as serial HART communications were not addressed. Rather, the focus was on the traditional network issues – firewalls, routers, etc. Given the recent spate of IT hacks that have managed to make it through existing boundary protection, isn’t this thinking a bit antiquated? About the only discussion on actual control systems or facility operation came from the FERC representative not the utility attendees. The utilities’ and NERC’s concerns were how to minimize the number and activities needed to address the “Lows” (smaller facilities). There just doesn’t seem to be an appreciation of what a determined, knowledgeable attacker would attack. There also doesn’t appear to be an appreciation of just how common the equipment and the associated cyber vulnerabilities are across multiple facilities. That is, there does not seem to be an appreciation of just how many “Lows” could be compromised that could impact large portions of the bulk electric grid for a substantial period of time.

(Warning- major sarcasm) In order for the NERC CIP approach to be successful, NERC needs to hold a training session for the hackers on what the NERC ground rules are for their attacks – what is in scope for attacks and when. The hacker training should assure them that the utilities’ and NERC’s paper approach on Aurora is adequate and so they should not attempt to use that scenario. It should also convince them not to use available ICS metasploits because they are out of scope for NERC CIP mitigation.

Is there a question as to whether the lights will stay on?

Joe Weiss
