NERC CIP compliance insufficient to ensure electric system security
Posted on 15 November 2013.
Tripwire announced the results of a survey on North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) compliance. The online survey was conducted from July through September 2013 and evaluated the attitudes of more than 100 IT professionals involved with NERC CIP compliance.


“Based on these results, only 30 percent of the industry feel they lack a clear understanding of the standards,” said Patrick Miller, partner and managing principal at The Anfield Group, a critical infrastructure security and compliance consultancy. “In reality, I think that number is higher. After we dig into the details and actually start implementing and auditing NERC CIPv5, I suspect many will realize their initial degree of understanding was overly optimistic.”

Key findings include:
  • 70 percent believe they have a clear understanding of all the current NERC CIP requirements.
  • 77 percent believe NERC CIP compliance is necessary to ensure the cybersecurity of the Bulk Electric System.
  • 70 percent, however, do not believe that NERC CIP compliance is sufficient to ensure the cybersecurity of the Bulk Electric System.
“It is encouraging that a majority of respondents acknowledge the value of NERC CIP compliance and the key role it plays in energy cybersecurity,” said Jeff Simon, director of service solutions for Tripwire. “Most respondents also acknowledge that NERC CIP compliance alone is not sufficient to ensure cybersecurity – they know compliance is just the start of an effective cybersecurity strategy.”





Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //