On March 16 2023, FERC issued a new Order approving NERC CIP-003-9 introducing new requirements for vendor electronic remote access security controls to low impact BES Cyber Systems. These new security controls are intended to allow detection and the ability to disable vendor remote access in the event of a known or suspected malicious communication.
Read MoreFERC has approved new cybersecurity standards to improve risk management practices and supply chain risk management for low impact assets. The new standards, designated CIP-003-9, require utilities to establish and maintain a documented supply chain cyber risk management plan and implement vendor-focused cybersecurity protections for their low impact BES Cyber Systems.
Read MoreWhile encryption meets the security objective of CIP-012, entities can utilize additional security controls to provide a defense in depth approach and in some cases utilize controls other than encryption.
Read MoreDavid Foose, a former vendor, takes us on a brief walk through the history and the justifications Supply Chain Security and the birth of NERC CIP 13. With this, we explore what might have been and where it may have unfortunately veered off into constant contract negotiation entities find themselves today.
Read MoreI helped write and establish the NERC CIP regulations. But now I want change. There is a way to save time, money and headaches while actually improving security for critical infrastructure.
Read MoreTwo industry veterans who cultivated NERC CIP over the past 20 years discuss how it all started, and what’s next for electric power industry security regulations. Patrick C. Miller, one of the first NERC CIP auditors in the country, and Carter Manucy, a utility IT/OT Security Director, talk about the regulation that changed the electric sector cybersecurity landscape forever.
Read MoreTwo key people who helped start NERC CIP 20 years ago talk about how and why it came together, and where it could go next. Patrick C. Miller, one of the first NERC CIP auditors in the country, and Earl Shockley, a former leader at NERC, talk about this momentous regulation that changed the electric sector cybersecurity landscape forever.
Read MoreWater is essential for life – in so many ways. It’s so essential, we should do whatever is necessary to have a safe, reliable, and secure water/wastewater system, right? But from what I have seen both personally and in many public reports, we’re far from it. So, what is necessary to secure the water sector in the US?
Read More
