Cyber Attack! - Defining 'Critical Assets'

Deck: 

ERCOT utilities approach CIP compliance from varying perspectives

Fortnightly Magazine - January 2008
This full article is only accessible by current license holders. Please login to view the full content.
Don't have a license yet? Click here to sign up for Public Utilities Fortnightly, and gain access to the entire Fortnightly article database online.

As proposed by the North American Electric Reliability Corp., the new critical infrastructure protection (CIP) standards charge utilities with identifying their own critical assets and related cyber systems.

This approach allows great flexibility for utilities to apply the CIP standards to their particular situations. This will help ensure that their efforts focus on securing critical assets, rather than on complying with an overly prescriptive set of mandates that might or might not yield a secure grid.

The same flexibility, however, is creating an unnerving level of uncertainty among utilities facing a looming compliance deadline.

“You’ve got every organization under the sun taking their own guess about what should and shouldn’t be considered a critical cyber asset,” says Darren Highfill, CISSP and utility communications security architect for EnerNex Corp., an engineering and consulting firm based in Knoxville, Tenn. “Until the standards are finalized and NERC starts doing audits, we’re speculating about where the line will be drawn.”

This full article is only accessible by current license holders. Please login to view the full content.
Don't have a license yet? Click here to sign up for Public Utilities Fortnightly, and gain access to the entire Fortnightly article database online.