Part of EnergyBiz® Network »
Utility Management Group
Senior decision-makers come together to connect around strategies and business trends affecting utilities.
Shared Link
FERC oversight of pipeline reliability NOPR
This FERC NOPR is further evidence that NERC lacks the cybersecurity skills and knowledge to administer cybersecurity practices. This statement says it all:
Although the currently effective CIP Reliability Standards offer a broad set of cybersecurity protections, they do not address INSM [RJB: network monitoring]. This omission constitutes a gap in the CIP Reliability Standards. Including INSM requirements in the CIP Reliability Standards would ensure that responsible entities maintain visibility over communications between networked devices.
The gap FERC refers to, lack of network monitoring, has been a cybersecurity best practice for well over 20 years. This is why we need to put the cybersecurity experts at CISA in charge of cybersecurity practices across all critical infrastructure. The siloed approach to cybersecurity used by FERC/NERC is leaving the nation's electric grid vulnerable. Let's put our best foot forward on cybersecurity and put the experts at CISA in charge! Let NERC focus on what it does best, grid operation and planning for reliability.
Let CISA work directly with the NERC regional entities to provide guidance and support for CISA's cybersecurity best practices. Eliminate all of the extraneous and wasted labor we call "NERC CIP COMPLIANCE" and replace it with harsh financial penalties on any entity that suffers a cybersecurity breach from failing to follow CISA best practices. This would incentivize real security measures be taken, instead of wasting resources producing compliance paperwork.
FERC oversight of pipeline reliability NOPR
The Federal Energy Regulatory Commission issued a cybersecurity NOPR today directing North American Electric Reliability Corporation (NERC) to add "network monitoring" as a CIP standard. The real question is, why wasn't this function included in NERC CIP on day 1; network monitoring is a fundamental cybersecurity practice that has been in use for over 20 years. This NOPR is further proof that NERC lacks the cybersecurity expertise to define and administer effective cybersecurity policy. It's time to put the real cybersecurity experts at CISA in charge of all grid, and critical infrastructure cybersecurity practices.
Source: www.linkedin.com
Thank Richard for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member
- NAESB TO WORK WITH THE U.S. DEPARMENT OF ENERGY, LBNL, AND PNNL ON STANDARDS DEVELOPMENT TO SUPPORT MARKET INTEGRATION OF DISTRIBUTED ENERGY RESOURCES
- Is Energy’s decision not to name a political appointee to oversee cyber a mistake? | Federal News Network
- NACD Responds to SEC Rule Proposal on Public Company Cybersecurity, Risk Management, Strategy, Governance, and Incident Disclosure
- There is no path of least resistance when it comes to Cybersecurity policies
Discussions
Spell checking: Press the CTRL or COMMAND key then click on the underlined misspelled word.
Get Published - Build a Following
The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.
If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.
Your access to Member Features is limited.
Sign in to Participate