1. Home

Have the NERC CIPs made the grid more secure - Who do you believe

May 31, 2009

Mike Assante is the Vice President and Chief Security Officer for NERC.  April 7th, Mike issued a letter to industry - “Critical Cyber Asset Identification” based on the results of NERC’s recently completed self-certification compliance survey for NERC Reliability Standard CIP-002-1 – Critical Cyber Asset Identification for the period July 1 — December 31, 2008.

Mike Assante is the Vice President and Chief Security Officer for NERC.  April 7th, Mike issued a letter to industry - “Critical Cyber Asset Identification” based on the results of NERC’s recently completed self-certification compliance survey for NERC Reliability Standard CIP-002-1 – Critical Cyber Asset Identification for the period July 1 — December 31, 2008.

According to Mike:
Identification and documentation of the Critical Cyber Assets associated with the Critical Assets (CA) that support the reliable operation of the Bulk Electric System necessitates a comprehensive review of these considerations. The data submitted to us through the survey suggests entities may not have taken such a comprehensive approach in all cases, and instead relied on an “add in” approach, starting with an assumption that no assets are critical. A “rule out” approach (assuming every asset is a CA until demonstrated otherwise) may be better suited to this identification process. Accordingly, NERC is requesting that entities take a fresh, comprehensive look at their risk based methodology and their resulting list of CAs with a broader perspective on the potential consequences to the entire interconnected system of not only the loss of assets that they own or control, but also the potential misuse of those assets by intelligent threat actors.

According to Dale Peterson on the Digital Bond website:
NERC CIP has significantly reduced risk and improved the security posture of the bulk electric systems. And if you will excuse the argument by emphatic assertion, anyone who says it has not either does not understand security or has an interest in denying this. It is valid to argue if this was the most efficient way to approach the problem, or if more risk reduction was required faster, or if the definitions of cyber assets and critical cyber assets should have been more stringent, but I don’t see how an honest look at the results could deny major improvements in the security posture have occurred.

Who do you believe?

Joe Weiss

Continue Reading

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...

Latest from Home

shutterstock_2083390783
shutterstock_2514594583
shutterstock_2471042165

Most Read

Sponsored