The NERC Cyber Security Order 706 Project 2008-06 Standard Drafting Team recently held a workshop in Dallas to present a draft proposal of the next version of the CIP standards. Although I was unable to attend, I reviewed the posted slides and standard drafts. The Drafting Team looked at NIST and other frameworks for suggestions and guidance, and adapted some requirements from the DHS Catalog of Control Systems Security (a subset of NIST 800-53). It appears the Drafting Team has done an excellent job of giving full consideration to the NIST risk management framework within the limitations of the CIP's existing compliance-based requirements framework. Judging from the slides, the NERC Drafting Team is making significant progress, considering that the current CIP standards are a compliance exercise. In fact, it could be argued that the current standards have actually reduced grid reliability by using CIP-002 to exclude so many assets, by removing IP connections while not addressing serial connections, and with many utilities no longer providing black start capabilities. Hopefully, the electric industry will approve the Standard Drafting Team’s new approach. The alternative is regulation where nobody wins.

Joe Weiss