Utility companies nationwide are angst-ing about Friday. Not because it’s a long weekend, but because July 1 marks the end of the extended deadline for compliance – imposed by the Federal Energy Regulation Commission (FERC) – with NERC’s(N. American Electric Reliability Corp.) Critical Infrastructure Protection (CIP) V5 standards.
Why is this important?
- Organizations in NERC’s jurisdiction serve more than 334 million people, and includes users, owners, and operators of the bulk power system.
- America’s energy plants and other critical infrastructure are immensely dependent on technology, yet legacy devices in our nation’s power grids don’t even have the memory necessary to be upgraded
- Our national power and utilities plants at imminent risk for attack – the likes of which we’ve recently seen in Japan, Ukraine.
In anticipation of this looming deadline, here’s a statement from Ray Rothrock, cybersecurity expert and CEO of RedSeal.
Ray Rothrock, Cybersecurity Expert and CEO at RedSeal:
“Critical infrastructure organizations need to act immediately, and anything less is failing to recognize that compliance means protecting the populace from the consequences of attacks intended to damage a nation. U.S. citizens have the right to expect that their country is building the necessary network models, and ensuring automated analysis and auditing of the as-built network to create essential cyber security and digital resilience; as well as aligning those efforts with industry best practices as reflected in the NERC CIP compliance requirements. Delays rarely result in what the various parties hope, as demonstrated by previous delays in the Payment Card Industry Data Security Standard, however I hope the extra time means compliance – and resilience – is on the horizon.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.