
Richard Brooks
Co-Founder and Lead Software Engineer Reliable Energy Analytics LLC

Inventor of patent 11,374,961: METHODS FOR VERIFICATION OF SOFTWARE OBJECT AUTHENTICITY AND INTEGRITY and the Software Assurance Guardian™ (SAG ™) Point Man™ (SAG-PM™) software and SAGScore™...

  • Jun 24, 2022

I must admit, I do not understand why the Department of Energy CESER and Idaho National Lab are publicly endorsing an international cybersecurity framework identified as IEC 62443, when so many of the US Grid operators have publicly endorsed and implemented the NIST Cybersecurity Framework (NIST CSF), version 1.1.

The obvious question in my mind is, why are DOE CESER and INL not endorsing and promoting our own NIST Cybersecurity Framework, which is already used pervasively across US Grid operators and is recommended by NIST to meet cybersecurity requirements for the Cybersecurity Executive Order, 14028? Numerous government agencies will be called upon to implement NIST recommendations to meet Executive Order 14028, including DOE itself.

This push by DOE CESER and Idaho National Lab appears to be taking place without any consideration of the investments Grid Operators have already made in implementing NIST standards and the powerful momentum to follow NIST standards and guidelines. Recommendations that fail to factor in "ground truths" are destined for failure, while consuming precious resources that could be used for the greater good.

IMO, this endorsement of IEC 62443 and commitment to work for adoption by DOE CESER and the Idaho National Lab are a distraction from working on the more important, mission-critical goals of our nation and critical infrastructure, which are to protect critical infrastructure following NIST cybersecurity recommendations, in accordance with Executive Order 14028.

Actions that endorse and promote non-NIST recommendations, such as the endorsement of IEC 62443 by DOE CESER and INL, raise questions about our own Government's ability to collaborate across agencies, pull together in the same direction on cybersecurity solutions, and spend taxpayer money efficiently to solve the pressing cybersecurity problems we face today, such as ransomware.
