The Federal Energy Regulatory Commission (FERC) published a notice of proposed rulemaking (NPRM), suggesting updates to the Critical Infrastructure Protection Reliability Standard governing cybersecurity management controls for bulk electric system (BES) assets, called CIP-003. The CIP program is a collection of standards designed to address the security of the bulk power system. Edgard Capdevielle, CEO at Nozomi Networks commented below.
“Over the last decade NERC CIP regulations have helped propel cybersecurity programs for large scale power producers forward. The move to expand to low impact operators is therefore not a surprise, and should be welcomed.
“That said, it’s a common adage in the industry that regulations alone do not ensure cybersecurity, but what it does is ensure the issue is elevated which generates awareness amongst top management. In tandem, guidelines can also fuel the basics of a cybersecurity program and many power producers have used these regulations as a foundation for their own cybersecurity programs.
“In recent years we have seen grid security surge forward, perhaps in spite of regulation, as resilience is recognized as essential to all those operating the grid. Fortunately for power system operators of all sizes, new technology innovations are giving operators the tools to rapidly identify and mitigate cybersecurity threats to the systems that operate power generation and distribution.”
FERC Proposes Updates To Critical Infrastructure Protection Standards For Cybersecurity
The Federal Energy Regulatory Commission (FERC) published a notice of proposed rulemaking (NPRM), suggesting updates to the Critical Infrastructure Protection Reliability Standard governing cybersecurity management controls for bulk electric system (BES) assets, called CIP-003. The CIP program is a collection of standards designed to address the security of the bulk power system. Edgard Capdevielle, CEO at Nozomi Networks commented below.
Edgard Capdevielle, CEO at Nozomi Networks:
“That said, it’s a common adage in the industry that regulations alone do not ensure cybersecurity, but what it does is ensure the issue is elevated which generates awareness amongst top management. In tandem, guidelines can also fuel the basics of a cybersecurity program and many power producers have used these regulations as a foundation for their own cybersecurity programs.
“In recent years we have seen grid security surge forward, perhaps in spite of regulation, as resilience is recognized as essential to all those operating the grid. Fortunately for power system operators of all sizes, new technology innovations are giving operators the tools to rapidly identify and mitigate cybersecurity threats to the systems that operate power generation and distribution.”
Recent Posts
Cybersecurity Leaders Are Anticipating Mass Resignations Within The Year – Here’s Why
UnRAR Vulnerability Lets Attackers Hack Zimbra Webmail Servers
NFT Giant OpenSea Reports Major Email Data Breach
Kaseya Ransomware – Cyber Leader’s Thoughts & Learnings One Year Later
External Exposures caused 82% Of All Q1 Cyber Attacks – Expert Comments