NERC, NEI, and Bright Lines

July 16, 2010

NERC and NEI (Nuclear Energy Institute) are attempting to define “bright lines” that use the size of generation, load, and facilities as tests for registration and reliability standard compliance for cyber security. However, cyber security is about interconnectivity and system impacts. It is important to understand how data and processes impact the operation of the system. The concern should only shift to the component to consider specific scenarios or to measure some of the possible consequences that could affect systems.

NERC and NEI (Nuclear Energy Institute) are attempting to define “bright lines” that use the size of generation, load, and facilities as tests for registration and reliability standard compliance for cyber security. However, cyber security is about interconnectivity and system impacts. It is important to understand how data and processes impact the operation of the system. The concern should only shift to the component to consider specific scenarios or to measure some of the possible consequences that could affect systems. Otherwise utilities can, and have, used the N-1 criteria which is size-related to justify having minimal to no critical assets. There have already been control system cyber incidents with equipment that would not have met the “bright line” criteria. Consequently, “bright lines” should not be the defining criteria for cyber security. 
Joe Weiss

Sponsored Recommendations

IEC 62443 4-1 Cyber Certification – Why ML 3 is So Important

The IEC 62443 Security for Industrial Automation and Control Systems - Part 4-1: Secure Product Development Lifecycle Requirements help increase resilience for control systems...

Multi-Server SCADA Maintenance Made Easy

See how the intuitive VTScada Services Page ensures your multi-server SCADA application remains operational and resilient, even when performing regular server maintenance.

Your Industrial Historical Database Should be Designed for SCADA

VTScada's Chief Software Architect discusses how VTScada's purpose-built SCADA historian has created a paradigm shift in industry expectations for industrial redundancy and performance...

Linux and SCADA – What You May Not Have Considered

There’s a lot to keep in mind when considering the Linux® Operating System for critical SCADA systems. See how the Linux security model compares to Windows® and Mac OS®.