Wednesday, July 27, 2016

FERC is about to Strengthen the Critical Infrastructure Protection (CIP) Requirements

Security is (so far) likely the most crucial key word in 2016. We all want to live in a secure world with a secure power delivery system and many other infrastructures.
There are many rules set by well known standard setting organizations. One is the US Federal Energy Regulatory Commission (FERC). They have published the Critical Infrastructure Protection (CIP) Reliability Standards years ago. Usually the rules are improved after something serious happened. What happend some months ago? Yes, the Dec 23, 2015 cyber attack on the electric grid in Ukraine.
A lot of reports have been published recently.
FERC seeks comments (in this summer) on possible modifications to the CIP Reliability Standards - and any potential impacts on the operation of the Bulk-Power System resulting from such modifications - to address the following matters:
  1. separation between the Internet and BES Cyber Systems in Control Centers performing transmission operator functions; and
  2. computer administration practices that prevent unauthorized programs from running, referred to as “application whitelisting,” for cyber systems in Control Centers.
Click HERE to access the FERC Docket No. RM16-18-000 that has all the details.

Security standards are one measure to improve the protection of technical systems - but the most crucial issue is: TRUST! Trust is what it's really all about. I hope that all readers of this IEC 61850 blog trust me! I do my best!

By the way, the security requirements on paper or in a PDF document do not protect any system. It is the human beings (you can trust) that have to understand the complexity of the power delivery system, the software applications, communication, and administration of the hardware and software. This requires well educated people - educated in many different (or even all) domains -, sufficient resources, and decisions to implement what is needed.

Rene Descartes (1596-1650) understood it already very well what we have to do: "Hence we must believe that all the sciences are so interconnected, that it is much easier to study them all together than to isolate one from all others. If, therefore, anyone wishes to search out the truth of things in serious ernest, he ought not to select one special science, for all the sciences are cojoined with each other and interdependent."

And: Teamwork makes the dream work!

Stay safe!

No comments: