- Jan 20, 2022 10:02 pm GMT
This FERC NOPR is further evidence that NERC lacks the cybersecurity skills and knowledge to administer cybersecurity practices. This statement says it all:
Although the currently effective CIP Reliability Standards offer a broad set of cybersecurity protections, they do not address INSM [RJB: network monitoring]. This omission constitutes a gap in the CIP Reliability Standards. Including INSM requirements in the CIP Reliability Standards would ensure that responsible entities maintain visibility over communications between networked devices.
The gap FERC refers to, lack of network monitoring, has been a cybersecurity best practice for well over 20 years. This is why we need to put the cybersecurity experts at CISA in charge of cybersecurity practices across all critical infrastructure. The siloed approach to cybersecurity used by FERC/NERC is leaving the nation's electric grid vulnerable. Let's put our best foot forward on cybersecurity and put the experts at CISA in charge! Let NERC focus on what it does best, grid operation and planning for reliability.
Let CISA work directly with the NERC regional entities to provide guidance and support for CISA's cybersecurity best practices. Eliminate all of the extraneous and wasted labor we call "NERC CIP COMPLIANCE" and replace it with harsh financial penalties on any entity that suffers a cybersecurity breach from failing to follow CISA best practices. This would incentivize real security measures be taken, instead of wasting resources producing compliance paperwork.
Get Published - Build a Following
The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.
If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.