Cybersecurity, Reliability & CIP

“One of the most underappreciated risks is the condition of aging thermal infrastructure. Without proactive life management, the utility sector risks unexpected failures. For regulators, this raises questions about how asset integrity is assessed and how lifecycle risk is factored into planning and rate cases.”

“Today, compliance and risk management resemble a constant turning puzzle, much like Rubik’s Cube. With every move, the alignment of risk and compliance across the organization is reshaped.”

“For many in the electric sector, the term baseline immediately evokes CIP-010-4 Requirement R1, a well-established standard for configuration management. But CIP-015-1 introduces a fundamentally different concept: behavioral baselining. Understanding this distinction is critical for compliance and cybersecurity effectiveness.”

“The intent is that all of you would have a resource to turn to when you’re evaluating utility risk management, cost recovery, financial mechanisms, and how to balance safety, reliability, and affordability when you’re considering utility investments to address wildfire.”

“We have a descriptive report. That’s the beginning in the formation of the Natural Gas Readiness Forum so the stakeholders can get back together and continue this work and continue to align these systems. It’s too important.”

“We identify who needs to be subject to our standards and let them know they have an impact on reliability so must meet our registration criteria. We register them and make sure they understand their mandatory responsibility for applying these standards. From the date of their effective registration, they’re subject to audits.”

“I always say we’re mainly an engineering firm. The way our CEO Jim Robb likes to describe it is we are the trade association of physics. We are thinking about the physics of the grid and how it plays out.”

“NERC has an important regulatory function, but we’re not doing it in an ivory tower. Everything we do is in close collaboration with industry and the regional entities. It’s a unique regulatory model that benefits from external expertise and provides the level of independence that ensures its credibility.”

“If frequency starts dropping that’s a problem because a lot of motors and adjustable motor drives are all counting on that frequency to operate. Solar panels do not provide frequency, they take frequency from the grid, unless you have grid-forming inverters, and right now we don’t.”

“We’re the only truly independent organization that doesn’t have a financial stake in outcomes. I don’t have to please anybody. My job is to tell the truth as I see it, back that up with facts, and help people interpret what the facts are saying.”