The words of Tom O'Brien from PJM, in his Senate Testimony are compelling:
"PJM utilizes the Cybersecurity Framework, developed by the National Institute of Standards and Technology, as our approach to managing cybersecurity. The framework focuses on the principal functions to identify, protect, detect, respond and recover."
"Partnership and collaboration are essential to any cybersecurity or physical security program. The importance of working across the industry, and with our state and federal government partners – and even across other critical infrastructures like telecom, finance, water and gas – to share threat information and best practices cannot be overstated. Threat intelligence and learning from others in relation to threats and prevention is critical to managing any cybersecurity program."
I sincerely hope that FERC will seriously consider adopting the collaborative approach to cybersecurity protections across all critical infrastructure that CISA is advocating. Let's put the Nation's cybersecurity experts at CISA/NIST in charge of cybersecurity practices and let NERC focus on what it does best, reliability standards for grid operations and planning - leave critical infrastructure cybersecurity to the experts at CISA/NIST.
There does appear to be some hope that siloed cybersecurity approaches are waning, thanks to this new bill.