Protecting the smart grid requires a broader strategy.
NERC’s critical infrastructure protection (CIP) standards set a minimum level of security performance—and only for high-voltage transmission systems, not the distribution grid. A compliance-checklist approach to security might lack the adaptability needed to combat evolving threats like the Stuxnet worm. A multi-layered, risk-based approach will provide better protection for the emerging smart grid.
Utilities are gearing up for cyber security compliance. Will the standards prove worthy?
The NERC CIP standards represent an historic achievement. They include the first mandatory cyber security requirements of their kind to be imposed on a U.S. private-sector industry. Considering the scope and sensitivity of the grid-security issue, developing a set of enforceable standards inevitably would entail a complex and contentious process. From that perspective, NERC, FERC and the industry have made remarkable progress, and their efforts deserve accolades.