According to a report by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), the energy industry faced more cyberattacks than any other industry sector from October 2012 through May 2013, and a successful attack on any of the country’s sixteen critical infrastructure sectors could have devastating results.
Tripwire has released the results of a survey which found that IT professionals are still unclear on the most recent version of the North American Electric Reliability Corporation’s (NERC) critical infrastructure protection (CIP) security controls.
The survey reveals that 70 percent of the respondents have a clear understanding of current NERC CIP compliance requirements, however, that confidence quickly evaporates in the face of the upcoming version – 62 percent of respondents say they do not understand the requirements of NERC CIP version 5.
“NERC CIP version 5 represents significant security and compliance changes and will affect most of North America’s power and utilities companies,” said Jeff Simon, director of service solutions for Tripwire.
“Although version 5 has been submitted but not yet approved by the Federal Energy Regulatory Commission, power and utility companies still need to understand the impact of the increase in scope and the need for automation. NERC CIP version 5 should already be a key part of their 2014 initiatives.”
Additional survey findings include:
- 55 percent are currently preparing to comply with NERC CIP version 5.
- 83 percent believe CIP version 5 will enhance the security of the Bulk Electric System (BES).
- 63 percent collect the majority of evidence needed for NERC CIP compliance audits manually or with limited support from automation.
- 57 percent do not have the automation tools in place to efficiently prepare for their next NERC CIP audit.
The online survey was conducted from July through September 2013 and evaluated the attitudes of more than 100 IT professionals.
Tripwire has helped registered entities achieve and maintain NERC compliance since 2008. With Tripwire’s NERC Solution Suite, organizations can access award-winning security configuration management and incident detection solutions, along with specialized intelligence including policy rules, correlation rules, tools, templates, customized reports and dashboards.
Together with customized services from NERC-experienced consultants, the NERC Solution Suite dramatically reduces the time and resources required to pass NERC CIP audits and minimize audit findings.
For more information, please visit: http://www.tripwire.com/company/research/update-nerc-survey-data/.