On May 2, 2006, the NERC board of trustees adopted the Critical Infrastructure Protection Cyber Security Standard. This article provides some answers to questions in the form of security program...
Special Report on Cyber Security and CIP Compliance
Utilities across the United States are gearing up for compliance with the new critical infrastructure protection (CIP) standards. Those standards, however, have been written in ways that leave uncertainties about key issues—such as how utilities should identify infrastructure that is critical to the reliability of the bulk-power grid, and therefore subject to the standards.
Furthermore, the standards don’t cover infrastructure that most people would consider critical—such as local distribution networks and nuclear power plants.
In this special report on cyber security and the CIP standards, Fortnightly’s editorial staff attacks the topic from several angles, including:
• CIP Structure & Enforcement: Are the standards as loose as they appear to be? And what does that mean for compliance strategies?
• Defining ‘Critical Asset’: How are utilities applying NERC’s guidelines for identifying their critical assets?
• Aurora Test: What lessons were learned from last year’s dramatic test of SCADA vulnerabilities? Was it just a stunt, or a badly needed wake-up call?
• Smart Grid Security: What do cyber security issues mean for the development of the smart grid? How will utilities address the special problems of an automated, inter-networked grid?
• FERC and the CIP NOPR: What do FERC’s marching orders and the industry’s reaction imply about federal policies on grid security? Can reliability and security standards co-exist within the NERC/ERO regime?
How the industry and its regulators resolve these questions will affect utilities’ strategic positions and tactical options on the fast-changing cyber-security battlefield.