Control systems are NERC Compliant – buyer beware

Jan. 7, 2009
Many IT and control system vendors are claiming to offer NERC CIP-compliant products.  That makes for great marketing hype. However, the NERC CIPs are written for end-users to validate their comprehensive security program, not for vendors. In the January issue of Power Magazine, Dr. Bob Peltier states: “…the (Siemens) T3000 (DCS) is fully compliant with NERC Standards CIP-002 - CIP-009…”. This obviously makes no sense. For example, CIP-002 is Critical Cyber Asset Identification and CIP-008 is Incident Reporting and Response Planning.
Many IT and control system vendors are claiming to offer NERC CIP-compliant products.  That makes for great marketing hype. However, the NERC CIPs are written for end-users to validate their comprehensive security program, not for vendors. In the January issue of Power Magazine, Dr. Bob Peltier states: “…the (Siemens) T3000 (DCS) is fully compliant with NERC Standards CIP-002 - CIP-009…”. This obviously makes no sense. For example, CIP-002 is Critical Cyber Asset Identification and CIP-008 is Incident Reporting and Response Planning. What does this have to do with equipment vendors and their products? End-users need to ask the right questions. Joe Weiss

Sponsored Recommendations

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...
Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...
Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...
Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...