Winning with NERC CIP and still losing

Nov. 19, 2007

You can be NERC CIP compliant, and still get fined...

 


Many utilities will be spending a significant amount of time and resources on NERC CIP cyber security compliance. If you're a utility, there is a possibility that you may not be spending your money wisely and, worse, may have to spend it again.

To get a voting majority to approve them, the NERC CIP standards were developed with sufficient ambiguity and exclusions to enable a utility to minimize the number of assets to be addressed as part of the NERC CIP process. This has resulted in the number of critical cyber assets for a medium-sized utility being on the order of 20-50, not a more realistic number of several thousand.

For organizations that weren't involved in the CIP development process, this approach appeared to be less than adequate. Consequently, on October 17, Congressional hearings were held (http://homeland.house.gov/) on "The Cyber Threat to Control Systems; Stronger Regulations are Necessary to Secure the Electric Grid". Additionally, on October 17, the House Homeland Security Committee issued a letter to the Chairman of FERC requesting an investigation of the industry response to the Aurora vulnerability (as shown on CNN). The reasons for the hearings and the letter are the shortcomings of the NERC CIP standards and industry's response to the ES ISAC Advisory.

A specific example of why one would care about the cyber security of the grid occurred at a panel session at ISA in Houston in October. A NERC representative stated that if security policies were employed, whether they were appropriate or not, the utility would be NERC CIP compliant. The NERC representative went on to discuss the infamous $1 Million/day fines for not meeting reliability criteria. When asked about the hypothetical situation where a utility utilizes inappropriate policies that could impact reliability, the NERC representative stated the utility would be compliant and yet potentially fined. Consequently, it is in each of your best interests to revisit what you are trying to accomplish: game the system or secure your assets.
