The Challenge of Implementing NERC's Cyber Standard

How to develop, implement, and operate a security program.

Fortnightly Magazine - September 2006

On May 2, 2006, the North American Electric Reliability Council (NERC) board of trustees adopted the Critical Infrastructure Protection (CIP) Cyber Security Standard. The comprehensive standard—which addresses asset identification, security management controls, personnel and training, perimeter security, systems security, incident reporting and response planning, and recovery plans—is intended to “ensure that all entities responsible for the reliability of the bulk electric systems in North America identify and protect critical cyber assets that control or could impact the reliability of the bulk electric systems.”

On July 20, 2006, the Federal Energy Regulatory Commission (FERC) certified NERC as the Electric Reliability Organization (ERO) charged with the responsibility to develop and enforce bulk-power system reliability standards. The forthcoming mandatory enforcement provisions of the standard raise a number of burning questions for electric utilities:

• How much of an effort will it take in terms of cost and time to develop, implement, and sustain a compliant security program?

• How do the provisions of the standard relate to existing security programs?

• What additional processes, procedures, policies, organizational resources, and additional information support infrastructures (software or hardware) will be required?
