Part of EnergyBiz® Network »

Utility Professionals Group

This group is the default community for every Energy Central registered member. We discuss and share a variety of topics related to the global power industry. 

Shared Link

Project 2016-02 Modifications to CIP Standards

Richard Brooks's picture
Richard Brooks 104,105
Co-Founder and Lead Software Engineer, Reliable Energy Analytics LLC

Dick Brooks is the inventor of patent 11,374,961: METHODS FOR VERIFICATION OF SOFTWARE OBJECT AUTHENTICITY AND INTEGRITY and the Software Assurance Guardian™ (SAG ™) Point Man™ (SAG-PM™) software...

  • Member since 2018
  • 1,535 items added with 670,650 views
  • Feb 28, 2022
  • 503 views

The proposed CIP updates outlining cybersecurity requirements for virtual environments is now available for review at the link below. 

I have to say, after reading these changes to address virtual environments, it's going to be really difficult to implement some of these controls and prove that an entity is in compliance during a NERC/FERC audit. I was trying to think of an analogy to describe this challenge. This is almost equivalent to asking a cook with a bowl of scrambled eggs to extract each egg and put it back into its original shell.

For example, memory is a hardware device that is shared by all processes, how will a NERC jurisdictional entity prove that no memory was shared. Good luck with that one, operating systems optimize memory all the time and there is no way, that I'm aware of, to tell an OS to never share physical memory across processes. 

 

Project 2016-02 Modifications to CIP Standards

Mitigate the risk of CPU or memory vulnerabilities by preventing the sharing of CPU and memory resources between VCAs that are not of, or associated with, the same impact categorization. Examples of evidence may include, but are not limited to, documentation of the configuration or settings showing that the CPU and memory cannot be shared.

Read More
Source: www.nerc.com
Discussions

No discussions yet. Start a discussion below.

Richard Brooks's picture
Thank Richard for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »

Your access to Member Features is limited.

Apply for membership
Group Sponsors
Become a sponsor
Related Content
The need for correct, authenticated pressure measurements for reliability, safety, and cyber security
Stop Passing the Buck on Cybersecurity
300 million!
Geopolitics may help one Brazilian state get reliable and cheap electricity again.
Recent Comments
Matt Chester
Matt commented on ...
For Energy Central Community Members Heading to Distributech, Be Sure to Check Out Our Partners in Person
Let us know if you'll be there, too! We love meeting our Community Members in person. 
Audra Drazga
Audra commented on ...
Welcome Sujan Bose, New Expert in the Digital Utility Community- [an Energy Central Power Perspectives™ Expert Interview]
Welcome to our expert network!  I look forward to seeing you in the community! 
Audra Drazga
Audra commented on ...
Call for Articles - Predictions, Forecasts, and Anticipated Trends for the Power Industry in 2023 - [Energy Central Special Issue Series]
The Due date is coming up quickly - get your article in today!
Matt Chester
Matt commented on ...
Call for Articles - Predictions, Forecasts, and Anticipated Trends for the Power Industry in 2023 - [Energy Central Special Issue Series]
The deadline to participate is coming up on Monday-- it's not too late! Reach out to us now with your submissions or with any questions you have.