Special Report on Cyber Security and CIP Compliance
Michael T. Burr is editor-in-chief of Public Utilities Fortnightly. Email him at burr@pur.com. Lori Burkhart is managing editor of Public Utilities Fortnightly. Scott M. Gawlicki, a Fortnightly contributor based in West Hartford, Conn., has been writing about the power industry for nearly 20 years. Contact Gawlicki at sgawlicki@excite.com.
Utilities across the United States are gearing up for compliance with the new critical infrastructure protection (CIP) standards. Those standards, however, have been written in ways that leave uncertainties about key issues—such as how utilities should identify infrastructure that is critical to the reliability of the bulk-power grid, and therefore subject to the standards.
Furthermore, the standards don’t cover infrastructure that most people would consider critical—such as local distribution networks and nuclear power plants.
In this special report on cyber security and the CIP standards, Fortnightly’s editorial staff attacks the topic from several angles, including:
• CIP Structure & Enforcement: Are the standards as loose as they appear to be? And what does that mean for compliance strategies?
• Defining ‘Critical Asset’: How are utilities applying NERC’s guidelines for identifying their critical assets?
• Aurora Test: What lessons were learned from last year’s dramatic test of SCADA vulnerabilities? Was it just a stunt, or a badly needed wake-up call?