NERC CIPs are not all inclusive - Control Engineering editorial

Jan. 6, 2009
Yesterday, Peter Welander of Control Engineering provided the following editorial - Cyber Security Issues Take Center Stage in 2009. I completely agree with Peter’s thoughts that cyber security will become a big issue in 2009. However, I wanted to correct the impression being left by one statement: “First and foremost, the NERC CIP (National Electric Reliability Corporation Critical Infrastructure Protection) regulations are coming into effect now.
Yesterday, Peter Welander of Control Engineering provided the following editorial - Cyber Security Issues Take Center Stage in 2009. I completely agree with Peter’s thoughts that cyber security will become a big issue in 2009. However, I wanted to correct the impression being left by one statement: “First and foremost, the NERC CIP (National Electric Reliability Corporation Critical Infrastructure Protection) regulations are coming into effect now. This may only affect power plants and larger utilities for the time being, but what happens through this implementation could hit you sooner than later.”  I agree with his thoughts that security will affect the utilities sooner rather than later. However, the statement about power plants and small utilities is misleading. Currently, industry’s focus is on control centers and substations with most North American power plants classified as NOT being critical assets – consequently, not assessed. Secondly, small utilities are part of the NERC CIPs even though many consider themselves NOT to have critical assets because of their size. Hopefully, with the implementation of the NIST Framework, both of these limitations will change for the better. Joe Weiss

Sponsored Recommendations

IEC 62443 4-1 Cyber Certification – Why ML 3 is So Important

The IEC 62443 Security for Industrial Automation and Control Systems - Part 4-1: Secure Product Development Lifecycle Requirements help increase resilience for control systems...

Multi-Server SCADA Maintenance Made Easy

See how the intuitive VTScada Services Page ensures your multi-server SCADA application remains operational and resilient, even when performing regular server maintenance.

Your Industrial Historical Database Should be Designed for SCADA

VTScada's Chief Software Architect discusses how VTScada's purpose-built SCADA historian has created a paradigm shift in industry expectations for industrial redundancy and performance...

Linux and SCADA – What You May Not Have Considered

There’s a lot to keep in mind when considering the Linux® Operating System for critical SCADA systems. See how the Linux security model compares to Windows® and Mac OS®.