CIP Standards Version 5 to expand on older versions, provide new cyber security
SUBNET Solutions Inc | Monday, September 12, 2011
In November 2011, Version 5 of the CIP Standards and Requirements Status is set to be issued, and will address more than 50 issues critical infrastructure faces on a regular basis. The North American Electric Reliability Corporation (NERC) has released a presentation on CIP standards throughout the years, and provides expectations for what Version 5 may hold.
The Department of Homeland Security defines critical infrastructure as "systems and assets, whether physical or virtual, so vital to the United States that [their] incapacity or destruction would have a debilitating impact on security, national economic security [and] national public health or safety," which includes the energy sector.
According to NERC, Version 5 will expand on previous drafts and use a similar content structure and terminology as previous CIP Standards, but will also set several new development goals.
The primary goal of Version 5 will be to address requirements-related directives set by Federal Energy Regulatory Commission orders that have not been previously discussed and to approve all interpretations within applicable existing requirements.
Another priority found within Version 5 will be cyber security, which was rigorously outlined in previous versions of the document.
In Version 4, NERC standards provided a cyber security framework that could identify and protect Critical Cyber Assets and ensure reliable operations of the Bulk Electric system.
The standards aim to differentiate the roles of each entity performed in the operation of the Bulk Electric System, as well as how critical and vulnerable each asset needed is to reliably manage the Bulk Electric System, and which risks pose the highest threat to them.
Cyber Assets are relied on by businesses and operational demands, as the need for managing and maintaining a sustainable Bulk Electric System is necessary for supporting critical functions and communications processes across various organizations. Services and data are also increasingly relying on Cyber Assets, resulting in increased risks to them.
According to FERC Order 706, Version 5 has been urged to "require a responsible entity to test the physical security measures on critical cyber assets more frequently than every three years," and will likely appear on the updated version.
However, the new document will not adopt consumers' recommendations that installing antivirus software in every system in an electronic perimeter is essential, as the consumers have not provided convincing evidence that any system is not directly vulnerable to attack from a virus.
SUBNET Solutions works with utilities to help them stay on the cutting edge of power transmission and substation automation.
Substation Cyber Security