Deadline Looms for New Cyber-Security Standard

Deck: 

NERC's proposal has the industry scrambling.

Fortnightly Magazine - August 2005
This full article is only accessible by current license holders. Please login to view the full content.
Don't have a license yet? Click here to sign up for Public Utilities Fortnightly, and gain access to the entire Fortnightly article database online.

As the balloting process for new cyber-security standards from the North American Electric Reliability Council (NERC) drew to a close, the industry group was gearing up for the difficult tasks ahead: ensuring rapid implementation of the new standards among NERC's members.

The new standards are scheduled for approval no later than Nov. 1, 2005, with compliance assessments to follow in 2006.

"Everybody would like to have [complied] yesterday, but the reality of it is that it's going to be a couple of years out before real compliance is there," says Dave Harries, system administrator with Pacificorp.

But first the new NERC standards, CIP-002-1 (Critical Infrastructure Protection) through CIP-009-10, need to be approved by NERC's membership-with the final balloting process scheduled shortly after press time for this article. The new standards advance and expand upon the NERC 1200 standard, adopted by NERC in August 2003, following approval by the industry in July 2003, although the timing of the approval, not too long after the Sept. 11, 2001, terrorist attacks, wasn't tied to those attacks.

This full article is only accessible by current license holders. Please login to view the full content.
Don't have a license yet? Click here to sign up for Public Utilities Fortnightly, and gain access to the entire Fortnightly article database online.