Why 334M People Should Care About Friday, July 1

By   ISBuzz Team
Writer , Information Security Buzz | Jun 30, 2016 04:48 pm PST

Utility companies nationwide are angst-ing about Friday. Not because it’s a long weekend, but because July 1 marks the end of the extended deadline for compliance – imposed by the Federal Energy Regulation Commission (FERC) –  with NERC’s(N. American Electric Reliability Corp.) Critical Infrastructure Protection (CIP) V5 standards.

Why is this important?

  • Organizations in NERC’s jurisdiction serve more than 334 million people, and includes users, owners, and operators of the bulk power system.
  • America’s energy plants and other critical infrastructure are immensely dependent on technology, yet legacy devices in our nation’s power grids don’t even have the memory necessary to be upgraded
  • Our national power and utilities plants at imminent risk for  attack – the likes of which we’ve recently seen in Japan, Ukraine.

In anticipation of this looming deadline, here’s a statement from Ray Rothrock, cybersecurity expert and CEO of RedSeal.

Ray Rothrock, Cybersecurity Expert and CEO at RedSeal:

ray rothrock“Critical infrastructure organizations need to act immediately, and anything less is failing to recognize that compliance means protecting the populace from the consequences of attacks intended to damage a nation. U.S. citizens have the right to expect that their country is building the necessary network models, and ensuring automated analysis and auditing of the as-built network to create essential cyber security and digital resilience; as well as aligning those efforts with industry best practices as reflected in the NERC CIP compliance requirements. Delays rarely result in what the various parties hope, as demonstrated by previous delays in the Payment Card Industry Data Security Standard, however I hope the extra time means compliance – and resilience –  is on the horizon.”