the State of Security

_NERC

Will the Critical Electric Infrastructure Protection Act fix anything?

by ~Previous Contributers

By: Sean Sherman

The announcement of the Lieberman/Thompson bill called the Critical Electric Infrastructure Protection Act is the latest response to a series of newsworthy events about the power industry and cyber security. These include: 1) a NERC survey of utilities, over a third of whom cannot identify any “cyber” assets which could be [...]


FERC/NERC New rules for Nuclear “facilities”

by ~Previous Contributers

By: Sean Sherman

FERC – Federal Energy Regulatory Commission – released a new order on March 19th, 2009 that changes the scope of the NERC CIP (Critical Infrastructure Protection) rules to include “Facilities regulated by the U.S. Nuclear Regulatory Commission” – i.e. nuclear plants. This seems a straightforward ruling that says generation sources (especially 20% [...]


NERC Compliance Webinar Highlights: Working With Internal Audit

by ~Previous Contributers

Sean Sherman and I did a webinar on NERC compliance last week, which was very well received. The title was “Seven Practical Steps to Achieve and Maintain NERC Compliance.” We had over 100 people attend, and it was one of the most lively and interactive webinars I’ve seen in years. (Archived webinar link is here.) [...]


NERC: Practical Advice in Dealing with Vendors

by ~Previous Contributers

By: Sean Sherman

I’m just returning from the Platt NERC Compliance Conference that was held in Houston, TX this week. There is a recurring complaint from some folks that vendors are selling “silver bullets” for NERC compliance, implying “no problems with audits if you just buy product (insert product name here!)”. I am sure the [...]


Speak IT Security & Compliance to i5/OS

by Rekha Shenoy

IT Security and Operations have always spoken two different languages. But if you thought there was a chasm there, the chasm between the i5/OS administrator and the rest of the world is like the Grand Canyon! So does that mean the security and regulatory pressures don’t apply to the i5/OS infrastructure? To the contrary, we [...]
