Control systems are NERC Compliant – buyer beware

Jan. 7, 2009
Many IT and control system vendors are claiming to offer NERC CIP-compliant products.  That makes for great marketing hype. However, the NERC CIPs are written for end-users to validate their comprehensive security program, not for vendors. In the January issue of Power Magazine, Dr. Bob Peltier states: “…the (Siemens) T3000 (DCS) is fully compliant with NERC Standards CIP-002 - CIP-009…”. This obviously makes no sense. For example, CIP-002 is Critical Cyber Asset Identification and CIP-008 is Incident Reporting and Response Planning.
Many IT and control system vendors are claiming to offer NERC CIP-compliant products.  That makes for great marketing hype. However, the NERC CIPs are written for end-users to validate their comprehensive security program, not for vendors. In the January issue of Power Magazine, Dr. Bob Peltier states: “…the (Siemens) T3000 (DCS) is fully compliant with NERC Standards CIP-002 - CIP-009…”. This obviously makes no sense. For example, CIP-002 is Critical Cyber Asset Identification and CIP-008 is Incident Reporting and Response Planning. What does this have to do with equipment vendors and their products? End-users need to ask the right questions. Joe Weiss

Sponsored Recommendations

IEC 62443 4-1 Cyber Certification – Why ML 3 is So Important

The IEC 62443 Security for Industrial Automation and Control Systems - Part 4-1: Secure Product Development Lifecycle Requirements help increase resilience for control systems...

Multi-Server SCADA Maintenance Made Easy

See how the intuitive VTScada Services Page ensures your multi-server SCADA application remains operational and resilient, even when performing regular server maintenance.

Your Industrial Historical Database Should be Designed for SCADA

VTScada's Chief Software Architect discusses how VTScada's purpose-built SCADA historian has created a paradigm shift in industry expectations for industrial redundancy and performance...

Linux and SCADA – What You May Not Have Considered

There’s a lot to keep in mind when considering the Linux® Operating System for critical SCADA systems. See how the Linux security model compares to Windows® and Mac OS®.