Part of EnergyBiz® Network »
Utility Professionals Group
This group is the default community for every Energy Central registered member. We discuss and share a variety of topics related to the global power industry.
Shared Link
Project 2016-02 Modifications to CIP Standards
The proposed CIP updates outlining cybersecurity requirements for virtual environments is now available for review at the link below.
I have to say, after reading these changes to address virtual environments, it's going to be really difficult to implement some of these controls and prove that an entity is in compliance during a NERC/FERC audit. I was trying to think of an analogy to describe this challenge. This is almost equivalent to asking a cook with a bowl of scrambled eggs to extract each egg and put it back into its original shell.
For example, memory is a hardware device that is shared by all processes, how will a NERC jurisdictional entity prove that no memory was shared. Good luck with that one, operating systems optimize memory all the time and there is no way, that I'm aware of, to tell an OS to never share physical memory across processes.
Project 2016-02 Modifications to CIP Standards
Mitigate the risk of CPU or memory vulnerabilities by preventing the sharing of CPU and memory resources between VCAs that are not of, or associated with, the same impact categorization. Examples of evidence may include, but are not limited to, documentation of the configuration or settings showing that the CPU and memory cannot be shared.
Source: www.nerc.com
Thank Richard for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member
- Gas-Electric Harmonization Initiative in NAESB is on track to succeed
- FERC commissioners pursue market, non-market answers to ISO-NE’s ‘dire’ winter reliability risks
- Utilities That Lack a Data Analytic Platform are Driving Blind and at Risk
- OMB Memo Identifies Best Practices for Software Supply Chain Protections
Discussions
Spell checking: Press the CTRL or COMMAND key then click on the underlined misspelled word.
No discussions yet. Start a discussion below.
Get Published - Build a Following
The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.
If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.
Your access to Member Features is limited.
Sign in to Participate