
Richard Brooks
Co-Founder and Lead Software Engineer Reliable Energy Analytics LLC

Inventor of patent 11,374,961: METHODS FOR VERIFICATION OF SOFTWARE OBJECT AUTHENTICITY AND INTEGRITY and the Software Assurance Guardian™ (SAG ™) Point Man™ (SAG-PM™) software and SAGScore™...

  • Oct 4, 2021

There are several good reasons to rethink the current cybersecurity paradigm to protect the entire electric Grid:

  • NERC policies are limited to the Bulk Electric System only; this becomes a bigger issue as more DER comes onto the Grid, per FERC Order 2222. These DER devices should also be protected against cyber threats, which NERC does not cover today.
  • NERC's 15-minute rule, used to decide which assets are subject to cybersecurity requirements, enables threat actors to use tactics, techniques and procedures that "get around" the 15-minute rule by implementing attacks that occur outside of the 15-minute window. The 15-minute rule is bad for grid cybersecurity. All grid cybersecurity risks with a high potential impact and high likelihood, following NIST standards, should be addressed, regardless of how long the risk takes to manifest in grid impacts.
  • NERC E-ISAC is a closed community that does not allow cyber security information reporting and dissemination with parties outside of NERC BES. Incident reporting is critically important to helping secure the grid; legislation is proceeding in Congress that will make CISA the reporting entity for cyber incidents across all critical infrastructure, not just the BES as NERC provides.
  • NERC lacks the level of cybersecurity expertise that exists with CISA. CISA has the cybersecurity experts that the entire Nation depends on. It makes sense to put our cybersecurity experts at CISA in charge of cybersecurity policies to protect the electric grid, in its entirety, along with other interdependent critical infrastructure, i.e. Gasoline, Oil, Natural Gas, Communications, Transportation, Water, Healthcare and others.

I agree with FERC Chairman Glick: it's time to rethink cyber security policies and administration across the BES and indeed the entire electric grid.
