NERC CIP compliance: We’ve identified our critical assets, now what?”

Author

Mertz, Mike

Author_Institution

Southern California Edison Co., Alhambra, CA

fYear

2008

fDate

20-24 July 2008

Firstpage

1

Lastpage

2

Abstract

As we move through the NERC CIP compliance timeline toward ldquoauditable compliancerdquo, utilities are struggling to find reasonable solutions to meet compliance expectations. By now, most utilities have developed a risk-based assessment methodology, identified the relevant critical assets, and the design and implementation of technical solutions is well underway. Unfortunately, technical solutions cannot solve some of the most difficult challenges associated with compliance. Like many standards, the NERC CIP requirements tell only the ldquowhatrdquo, and offer little in the area of ldquohowrdquo. The following paper will identify some of the early compliance barriers and provide some recommendations for those on the front lines of compliance.

Keywords

electricity supply industry; risk management; security of data; NERC CIP compliance; North American Electric Reliability Council; critical assets; cyber security; public utilities; risk-based assessment; Best practices; Circuits; Communication system security; Costs; Digital communication; Electric shock; Environmental management; Information security; Protocols; Substations; Communication Protocols; Cyber Security; Digital Communication; Electric Systems; Gas Systems; SCADA; System Operations; Water Systems;

fLanguage

English

Publisher

ieee

Conference_Titel

Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, 2008 IEEE

Conference_Location

Pittsburgh, PA

ISSN

1932-5517

Print_ISBN

978-1-4244-1905-0

Electronic_ISBN

1932-5517

Type

conf

DOI

10.1109/PES.2008.4596272

Filename

4596272