Special Report on Cyber Security and CIP Compliance
Michael T. Burr, Lori A. Burkhart and Scott M. Gawlicki
Utilities are gearing up for compliance with the new CIP standards. NERC, however, has taken a flexible approach to implementation that leaves some companies confused. Can utilities comply by 2009, and will their measures be effective in securing the grid?
NERC’s new cyber security rules may minimize cost of compliance, but they leave utilities guessing on how to identify risks.
Liam Baker, vice president for regulatory affairs at US Power Generating, questions whether his company’s power plants and control systems in New York and Massachusetts must comply with the electric industry’s new mandatory standards for cyber security. Baker voiced his doubts in written comments he filed in October with FERC.
Before the hearings started, I felt the number of critical cyber assets for a medium-size utility would be on the order of several thousand, not 20 as some major utilities are identifying under the CIP standards. This should be a red flag for the industry.
Grid reliability depends on ‘reasonable business judgment’
Michael T. Burr, Editor-in-Chief
The word “security” no longer means what it used to mean. Now, “security” means gates, guards and guns. It means protecting critical assets with a multi-layered cyber and physical perimeter. It means exercising vigilance and caution, and accepting inconvenience as a matter of routine.
Production constraints and demand pressures mean high gas prices are here to stay.
George Given and Gary L. Hunt
Volatility in energy prices is both a scary and wonderful thing. It brings risks that must be managed under uncertain future conditions. It also brings opportunities to profit from price movement and competitive market advantages exploited through strategy, skill and luck. Just how good the outcome of such volatility can be depends on how well each market participant studies the fundamentals, manages uncertainty and remains flexible.
FERC would relax price caps—sending rates skyward—to encourage customers to curtail loads.
About four months ago, at a conference at Stanford University’s Center for International Development, the economist and utility industry expert Frank Wolak turned heads with a not-so-new but very outrageous idea.
Independent system operators and regional transmission organizations recognize the value in having a common IT architecture.
In today’s modern business environment, standards for products and services have become common—and expected—practice. The time is right for creating a common language among the critical software tools needed to deliver a reliable, competitively priced supply of electricity through today’s integrated power grids and wholesale market structures.
NERC’s first critical-infrastructure standard is now enforceable. But cyber rules await approval.
Cyber standards proposed by the North American Electric Reliability Corp. are in limbo this summer, although the Federal Energy Regulatory Commission anticipates taking action on them soon. Once approved, however, how will the two organizations work together to enforce compliance?
Why predictions from the Energy Information Administration may contain systematic errors.
Timothy J. Considine, Ph.D. and Frank A. Clemente, Ph.D.
Natural-gas estimates from the Energy Information Administration (EIA) are supposed to be “policy neutral.” Are they? Over the past decade, EIA forecasts for natural gas have differed substantially from actual outcomes—even though overestimations of supply capabilities could lead to underestimating the costs of carbon regulations.
Five effective strategies for managing escalating input costs.
It is time to adapt to new rules of the game, and change procurement tactics. Read these five effective strategies for managing escalating input costs.