
Utility Management Group
FERC oversight of pipeline reliability NOPR
This FERC NOPR is further evidence that NERC lacks the cybersecurity skills and knowledge to administer cybersecurity practices. This statement says it all:
Although the currently effective CIP Reliability Standards offer a broad set of cybersecurity protections, they do not address INSM [RJB: network monitoring]. This omission constitutes a gap in the CIP Reliability Standards. Including INSM requirements in the CIP Reliability Standards would ensure that responsible entities maintain visibility over communications between networked devices.
Network monitoring, whose absence is the gap FERC refers to, has been a cybersecurity best practice for well over 20 years. This is why we need to put the cybersecurity experts at CISA in charge of cybersecurity practices across all critical infrastructure. The siloed approach to cybersecurity used by FERC/NERC is leaving the nation's electric grid vulnerable. Let's put our best foot forward on cybersecurity and put the experts at CISA in charge! Let NERC focus on what it does best: grid operation and planning for reliability.
Let CISA work directly with the NERC regional entities to provide guidance and support for CISA's cybersecurity best practices. Eliminate all of the extraneous and wasted labor we call "NERC CIP COMPLIANCE" and replace it with harsh financial penalties on any entity that suffers a cybersecurity breach from failing to follow CISA best practices. This would incentivize taking real security measures, instead of wasting resources producing compliance paperwork.
The Federal Energy Regulatory Commission issued a cybersecurity NOPR today directing North American Electric Reliability Corporation (NERC) to add "network monitoring" as a CIP standard. The real question is, why wasn't this function included in NERC CIP on day 1? Network monitoring is a fundamental cybersecurity practice that has been in use for over 20 years. This NOPR is further proof that NERC lacks the cybersecurity expertise to define and administer effective cybersecurity policy. It's time to put the real cybersecurity experts at CISA in charge of all grid and critical infrastructure cybersecurity practices.