- Jul 29, 2021 4:22 pm GMT
Many people in the electric industry know that CIP standards are inadequate when it comes to implementing effective cybersecurity controls. The NERC CIP standards are primarily intended to help Bulk Electric Companies achieve "compliance" to avoid paying fines. One of the big problems with NERC CIP compliance is that it places a huge burden on entities to maintain a significant amount of labor-intensive documentation that, arguably, offers very little cybersecurity protection.
The difference between real, effective cybersecurity controls/measures and NERC CIP compliance is on full display when you see how some entities are addressing real cybersecurity protections, following the NIST Cybersecurity Framework to safeguard company assets from harm, while also meeting the "compliance requirements" of NERC CIP.
The article contains this exchange with a FERC representative:
"Tuesday's House subcommittee hearing included a discussion of the NERC CIP and NIST security frameworks, and whether efforts to align them would result in better security for the electric sector. However, because the question is the subject of an open FERC proceeding, the commission's representative to the hearing was unable to answer lawmakers' questions."