Part of Grid Network »

The Grid Professionals Group covers electric current from its transmission step down to each customer's home. 

Richard Brooks's picture
Co-Founder and Lead Software Engineer Reliable Energy Analytics LLC

Dick Brooks is the inventor of patent 11,374,961: METHODS FOR VERIFICATION OF SOFTWARE OBJECT AUTHENTICITY AND INTEGRITY and the Software Assurance Guardian™ (SAG ™) Point Man™ (SAG-PM™) software...

  • Member since 2018
  • 1,503 items added with 649,771 views
  • Jul 29, 2021

Many people in the electric industry know that CIP standards are inadequate when it comes to implementing effective cybersecurity controls. The NERC CIP standards are primarily intended to help Bulk Electric Companies achieve "compliance" to avoid paying fines. One of the big problems with NERC CIP compliance, is that it places a huge burden on entities to maintain a significant amount of labor intensive documentation, that arguably, offers very little cybersecurity protections.

The difference between real, effective cybersecurity controls/measures and NERC CIP compliance are on full display when you see how some entities are addressing real cybersecurity protections, following the NIST Cyber Security Framework to safeguard company assets from harm, and meet the "compliance requirements" of NERC CIP.

This description from PJM makes clear the distinction between effective cybersecurity measures, following the NIST Framework, and those activities designed to meet NERC CIP audit compliance.

The article contains this exchange with a FERC representative:

" Tuesday's House subcommittee hearing included a discussion of the NERC CIP and NIST security frameworks, and whether efforts to align them would result in better security for the electric sector. However, because the question is the subject of an open FERC proceeding, the commission's representative to the hearing was unable to answer lawmakers' questions. "

REA has filed comments on this FERC proceeding, Docket RM20-12-000;

I also recommend reading the press briefing transcripts for the 7/28 Memorandum; it mentions possible funding for these cybersecurity improvements for critical infrastructure.



No discussions yet. Start a discussion below.

Richard Brooks's picture
Thank Richard for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »