Cyber Attack! CIP Goes Live

Deck: 

Utilities are gearing up for cyber security compliance. Will the standards prove worthy?

Fortnightly Magazine - January 2008
This full article is only accessible by current license holders. Please login to view the full content.
Don't have a license yet? Click here to sign up for Public Utilities Fortnightly, and gain access to the entire Fortnightly article database online.

When Alison Silverstein limped into an Arlington, Va., hotel meeting room in March 2002, few would have guessed the woman on crutches would throw down such a heavy gauntlet.

But broken foot notwithstanding, the senior policy adviser to then-FERC Chairman Pat Wood carried a weighty ultimatum. Just six months after the 9/11 terrorist attacks, she told members of the NERC Critical Infrastructure Protection Committee to secure the grid, or the federal government would secure it for them.

Actually Silverstein’s message was slightly more nuanced.

“I gave them two options,” she says. “One, you write the rules you want to live with; or two, I’ll get a bunch of federal bureaucrats who don’t know much about the utility industry to draft a set of rules. And you know what bureaucrats will do.”

The committee got the message. NERC began developing standards and guidelines for its members to use in securing the nation’s critical power infrastructure, particularly against cyber attack or misuse. But disagreements over the details — especially potential compliance costs — delayed the process and forced multiple revisions that made the standards more flexible and easier for the industry to meet.

This full article is only accessible by current license holders. Please login to view the full content.
Don't have a license yet? Click here to sign up for Public Utilities Fortnightly, and gain access to the entire Fortnightly article database online.