This group is the default community for every Energy Central registered member. We discuss and share a variety of topics related to the global power industry. 

Richard Brooks's picture
Co-Founder and Lead Software Engineer Reliable Energy Analytics LLC

Inventor of patent 11,374,961: METHODS FOR VERIFICATION OF SOFTWARE OBJECT AUTHENTICITY AND INTEGRITY and the Software Assurance Guardian™ (SAG ™) Point Man™ (SAG-PM™) software and SAGScore™...

  • Member since 2018
  • 1,477 items added with 627,658 views
  • Feb 28, 2022
  • 461 views

The proposed CIP updates outlining cybersecurity requirements for virtual environments is now available for review at the link below. 

I have to say, after reading these changes to address virtual environments, it's going to be really difficult to implement some of these controls and prove that an entity is in compliance during a NERC/FERC audit. I was trying to think of an analogy to describe this challenge. This is almost equivalent to asking a cook with a bowl of scrambled eggs to extract each egg and put it back into its original shell.

For example, memory is a hardware device that is shared by all processes, how will a NERC jurisdictional entity prove that no memory was shared. Good luck with that one, operating systems optimize memory all the time and there is no way, that I'm aware of, to tell an OS to never share physical memory across processes. 

 

Richard Brooks's picture
Thank Richard for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member
Discussions
Spell checking: Press the CTRL or COMMAND key then click on the underlined misspelled word.

No discussions yet. Start a discussion below.

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »