Skip to content ↓ | Skip to navigation ↓

Despite recent successful Iranian attacks, few U.S. energy companies are complying with the Federal Energy Regulatory Commission’s voluntary anti-Struxnet measures.

Is it possible for voluntary measures to be effective in protecting critical infrastructure?

Listen to Episode 80 of our Security Slice podcast and hear Tim Eriln, Andrew Storms and Dwayne Melançon discuss the successful ingredients behind PCI, the benefits and drawbacks of unilateral enforcement of security measures and why reports on damage are more important than risks.


Listen to the podcast now


Title image courtesy of ShutterStock

Tripwire University
  • philA

    If done right, the voluntary cybersecurity framework may set a new bar for basic cyber hygiene and due care.

    What new liability does this bring?
    Will voluntary practices be so voluntary in the long run?
    Are we setting up new safety protocols for cyber?
    Who will comply?
    Will the government be able to keep up? Comply themselves?

  • I hear ya Phil. It seems voluntary may be more agile and responsive to changes in the market than anything a bureaucracy could produce, but voluntary never seems to have any real "edge". Worse yet (IMHO) is a system like PCI where a few overlords protect their own self interests at the expense of the industry, merchants and consumers…