- Feb 28, 2022 5:35 pm GMT
The proposed CIP updates outlining cybersecurity requirements for virtual environments is now available for review at the link below.
I have to say, after reading these changes to address virtual environments, it's going to be really difficult to implement some of these controls and prove that an entity is in compliance during a NERC/FERC audit. I was trying to think of an analogy to describe this challenge. This is almost equivalent to asking a cook with a bowl of scrambled eggs to extract each egg and put it back into its original shell.
For example, memory is a hardware device that is shared by all processes, how will a NERC jurisdictional entity prove that no memory was shared. Good luck with that one, operating systems optimize memory all the time and there is no way, that I'm aware of, to tell an OS to never share physical memory across processes.
No discussions yet. Start a discussion below.
Get Published - Build a Following
The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.
If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.