Abstract
The NERC CIP standards were designed to prevent potentially devastating cyberattacks on the control systems that run the North American Bulk Electric System (BES). While these standards have undoubtedly contributed to making the BES much more secure, they also suffer from some serious — and escalating — problems that are pushing them toward the point that in a few years the North American Electric Reliability Corporation — Critical Infrastructure Protection (NERC CIP) standards may be seen as causing more harm than good. This paper describes what the author believes to be the four most important problems with NERC CIP and discusses their causes and effects. The paper concludes with a set of general principles that could be used to construct a new NERC CIP compliance regime (including the standards themselves and the rules for enforcing them) that would avoid these problems and set NERC CIP on a sustainable track, so that the standards can continue to be seen as a powerful force for improvement of the security of the electric power grid. The paper provides ‘lessons learned’ not just for NERC CIP, but for other mandatory cyber security standards as well. The author hopes that these lessons learned will be applied in practice.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
