NERC got hit hard by Congress in the May Congressional Subcommittee Hearings, most notably on providing false information to Congress in the past. Some members of the Subcommittee went as far as saying NERC needed to be replaced as the ERO. There had to be some action plan by NERC to attempt to restore faith, [...]

After a few days of letting the Congressional Hearings on security of electric sector control systems sink in here are the three items I found most interesting and important.
1. The fact that NERC previously provided false information to Congress on Aurora mitigation efforts by the electric sector was a huge mistake, whether intentional or inadvertent. [...]

A GAO report on TVA’s control system security is out. This report along with the Congressional hearings are going to be hot topics over the next days and weeks.
Unfortunately we will not have much to say on this because we have a fair amount of inside knowledge covered under NDA. TVA is a partner in [...]

I’m sure many of you have been spammed by an email from TDI about a “NERC CIP Cyber Asset Alert”. I personally received three alert emails plus a blog spam. We get a lot of this type of material, but this one topped anything we have received lately in pure FUD and hype to promote [...]

Just a quick note. Want to help improve the NERC CIP cyber security standards? They are looking for industry experts to assist. Nominate yourself before April 4th.

Since leaving my post at a utility company and joining the Digital Bond team, my attention level to the NERC CIP saga has dropped off a bit. I’m back up to date now, though, after attending the SPP CIPWG meeting earlier this week. (SPP is the RTO and RE in my part of the [...]

Today FERC approved the NERC/ERO CIP cyber security standards for the electric industry. This was the right decision to avoid derailing progress.
What is most impressive are the comments in the press release and final rule.
They directed modifications and improvements. This is the Version 1.0, and it will get better and more stringent. Basically NERC/NRO needs [...]

After the furor of Aurora and the Congressional hearings FERC is proposing to collect “information in connection with steps being taken by the electric industry to address potential cyber vulnerabilities”. The proposing part of this equation has to do with the FERC rulemaking procedure and requirements for public comment which I don’t claim to be [...]

December 1. Can you believe it is only 7 months until Balancing Authorities and Transmission Operators who were required to self-certify to NERC 1200 will need to be compliant with 13 NERC CIP requirements? (hat tip: Ron Blume of Dyonyx).
Some of the 30 June 2008 requirements are:

Test procedures for significant patches and upgrades. This [...]

Representatives from NERC, Joe Weiss and a couple of other experts will be testifying tomorrow to a subcommittee of the House Committee on Homeland Security. Of course as nothing more than a researcher/consultant/humble blogger I was not asked to testify, so I’ll testify to the loyal readers. Maybe some staffer will Google this and get [...]