Blog Posts Tagged with "NERC CIP"


The "Compliance Society"

July 23, 2012 Added by:Bob Radvanovsky

I am quickly growing weary of the fact that individuals claiming to be "cybersecurity" or "critical infrastructure" subject-matter experts (or "SMEs"), are indicating that adherence to a regulatory requirement or compliance governance means that something is "secured". Let's get one thing straight...

Comments  (5)


Companies Focus on Growth But Lag Behind Threats

June 20, 2012 Added by:Bob Radvanovsky

Industries that are regulated or that have to adhere to a standard feel that if they simply follow the requirements that they are secured. This is a misnomer, as adherence to a regulation, governance or compliance standard is a good start, but it does not necessarily mean that an organization is "secure"...

Comments  (0)


The Need for Improved Critical Infrastructure Protection

June 13, 2012 Added by:William Mcborrough

Tackling the problem of critical infrastructure protection will take concerted efforts from the public and private sectors. An appropriate governance structure is needed to avoid the inevitable over-reaction that will follow the inevitable catastrophic attack against our critical infrastructure...

Comments  (4)


Smart Grid Security, Challenges and Change

May 08, 2012 Added by:Larry Karisny

The cost and time of trying to become compliant with guidelines and standards will put smart-grid security years off before it can achieve any security solutions. There must be a way out of what people in the security business are now calling the "smart grid security circus"...

Comments  (0)


Are ICS Vendors Really to Blame for Insecure Systems?

April 27, 2012 Added by:Joe Weiss

The implication is that vendors aren’t interested in securing their legacy products. I do know that many ICS vendors supporting the electric industry are frustrated because the utilities may not be required to actually secure these systems to be NERC CIP compliant...

Comments  (0)


Are DOE and DHS Helping to Secure the Infrastructure or Not?

March 08, 2012 Added by:Joe Weiss

DOE and the utilities are in an effort to secure the Grid. Yet the utilities voted down Version 5 of the NERC CIPs. Many of the devices that have been demonstrated to be vulnerable would not be addressed by NERC. Who is responsible for protecting critical infrastructure?

Comments  (0)


AlienVault Releases SCADA SIEM for Critical Infrastructure

May 31, 2011 Added by:Headlines

"We have a solution that can address the security and compliance needs of customers in process control industries including electric power utilities, public works and oil & gas. You just cannot get that level of capability, reliability and integration with legacy IT or ICS solutions..."

Comments  (0)


Debriefing: NERC CIP 011 Standards

March 31, 2011 Added by:Ron Lepofsky

The standards have been recently filed with FERC for approval for the US and with a variety of Canadian provincial authorities. To assist on CIP developments directly from the NERC site, I'm providing a navigation guide to get you directly to where you need to go...

Comments  (3)


Do You Know About Heavyweight NERC CIP 011-1?

March 13, 2011 Added by:Ron Lepofsky

Electrical utilities are already challenged with the process of becoming certified for compliance with the NERC CIP standard for IT security. The NERC CIP standard is evolving, thank goodness. Perhaps you haven’t noticed the innocuous sounding proposed new standard now in the creation process...

Comments  (2)


What’s the Threat? Smart Grid or Dazed Defenders

February 21, 2011 Added by:Ron Lepofsky

NERC CIP standards are written expressly for electrical utilities. If rigorously deployed they are a material step towards security. A more comprehensive set of security control within COBIT, upon which IT SOX compliance is based, should be considered for hardening the electrical grid...

Comments  (0)