Waiting on NERC: What's Next for Cyber-Security?

Deck: 

As NERC’s CIP standards advance, utilities move ahead, haltingly, with implementation.

Fortnightly Magazine - August 2006
This full article is only accessible by current license holders. Please login to view the full content.
Don't have a license yet? Click here to sign up for Public Utilities Fortnightly, and gain access to the entire Fortnightly article database online.

Price and supply issues dominate the discussion in the electric industry in the summer of 2006, but it wasn’t long ago that another issue—security—captured the industry’s attention. Now, it’s back again.

In the aftermath of Sept. 11, 2001, physical security issues came to the fore. How could plants be protected against terrorist attacks? After the 2003 Northeast Blackout, cyber-security concerns, never far from the front burner, began to predominate.

“[Security is] a major issue with our members,” says Edison Electric Institute spokesman Jim Owen. “Security, both physical and cyber, very much remains on the radar screen of our senior management.”

While the North American Electric Reliability Council (NERC) has put together standards addressing both areas of security—physical and cyber (see sidebar “Fox, Deer, and Pranksters”)—it’s the organization’s proposed cyber-security efforts that passed another milestone in June, with the passage of Critical Infrastructure Protection (CIP) standards.

Refinements to the standard are still to come. At press time, the newly passed standards had been assessed by the Federal Energy Regulatory Commission (FERC), and the comment period had just closed for utility-industry participants affected by the standards. The commission would not officially comment about ongoing proceedings.

This full article is only accessible by current license holders. Please login to view the full content.
Don't have a license yet? Click here to sign up for Public Utilities Fortnightly, and gain access to the entire Fortnightly article database online.