NERC to utilities: Reduce cyber security risk
In a letter to the electric utility industry, Michael Assante, chief security officer for NERC (National Electric Reliability Corporation), is delivering a diplomatic but pointed message: By trying to avoid regulation, utilities are putting the electrical system at risk. In this case, cyber security risks may have increased because of the way some electric utilities are approaching regulatory c...
In a letter to the electric utility industry, Michael Assante, chief security officer for NERC (National Electric Reliability Corporation), is delivering a diplomatic but pointed message: By trying to avoid regulation, utilities are putting the electrical system at risk. In this case, cyber security risks may have increased because of the way some electric utilities are approaching regulatory compliance.
New regulations intended to protect the bulk electric grid are aimed at assets that have been classified as “critical.” The specific definition identifies assets that “if destroyed, degraded, or otherwise rendered unavailable, would affect the reliability or operability of the Bulk Electric System.” In an apparent effort to avoid regulation, utilities are reporting that they have relatively few plants and parts of their distribution networks that qualify under the definition.
NERC’s view is that the utilities are not really considering how interconnected all the parts of the system are and are therefore drastically undercounting those that should fall appropriately under the regulation. Assante’s suggestion is that utilities perform their analysis again beginning with the assumption that all assets are critical unless there are clear reasons that they can be ruled out, rather than the reverse.
As the letter states, “NERC is requesting that entities take a fresh, comprehensive look at their risk-based methodology and their resulting list of CAs [critical assets] with a broader perspective on the potential consequences to the entire interconnected system of not only the loss of assets that they own or control, but also the potential misuse of those assets by intelligent threat actors. Although it is the responsibility of the Registered Entities to identify and safeguard applicable CAs, NERC and the Regional Entities will jointly review the significant number of…entities that reported having no CAs to determine the root cause(s) and suggest appropriate corrective actions, if necessary.”
- Events & Awards
- Magazine Archives
- Oil & Gas Engineering
- Salary Survey
- Digital Reports
Annual Salary Survey
After almost a decade of uncertainty, the confidence of plant floor managers is soaring. Even with a number of challenges and while implementing new technologies, there is a renewed sense of optimism among plant managers about their business and their future.
The respondents to the 2014 Plant Engineering Salary Survey come from throughout the U.S. and serve a variety of industries, but they are uniform in their optimism about manufacturing. This year’s survey found 79% consider manufacturing a secure career. That’s up from 75% in 2013 and significantly higher than the 63% figure when Plant Engineering first started asking that question a decade ago.