The fallacy that the electric grid is cybersecure by meeting the NERC CIPs is finally being exposed. Situational awareness is based on process sensor input that is incorrectly assumed to be uncompromised, authenticated, and correct. Because process sensors use non-routable protocols, they have not been considered to be NERC Cyber Assets. Depending on the situation, it only takes one compromised sensor (malicious or unintentional) using non-routable communications to cause critical system impacts. Moreover, process sensors are not capable of providing information to SIEM systems, etc. to meet NERC CIP monitoring requirements. At the March 20, 2025 FERC/NERC supply chain risk management workshop, FERC and NERC representatives acknowledged the exclusion of process sensors because of non-routable communications and the “Electronic Security Perimeter” issue need to change because compromise of process sensors can affect the reliable operation of Bulk Electric Systems within 15 minutes of being impaired. Specifically, NERC stated: “Let's go specifically to sensors. If that information provided data to a dispatcher, that could within 15 minutes affect his decision, then it meets the definition of a cyber asset and as such, would fall under the standards”. FERC responded: “And every sensor would matter.” Consequently, process sensor cyber security training and sensor monitoring at the device/physics level should be implemented because utilities cannot meet the requirement to identify bad sensor data that could affect the systems or lead to bad operator decisions.
