Tuesday, October 11, 2011

Electric sector security evolution: forward leaning exemplars vs compliance-focused knuckle draggers

This is the last of my posts from last week's Smart Grid Security Summit West, held in an unusually damp San Diego.

OK, knuckle draggers may be a little harsh. I apologize. But there may be a whole new approach emerging to meeting security, privacy and compliance demands in the electric sector, and, depending on where you work when you read this, it's one I think you'll like a lot.

The outlines of a new approach appeared during the security metrics panel on day 1 and continued to resonate till the end of the conference on day 2, and basically it came across like this:

While the vast majority of utilities today seek to achieve an acceptable level of security and risk reduction via compliance with version 3 of the NERC CIPs, and preparation for what looks likely to come from NERC in subsequent versions, a couple of utilities, supported by their CEOs and/or empowered by recent crises, intend to set and implement higher-level security baselines for themselves.

I won't say who they are; it's probably best if you hear that directly from them or infer it yourself. But if these 2 can get the process started, and perhaps coax another 1 or 2 to join them, then they may be able to carve a wide path that many of the precedent-following rest can follow.

Imagine an industry where mere compliance with the lowest government-enforced controls is no longer considered a best, or even a good, business practice. Wait, this is starting to turn into a John Lennon song. Probably a good idea to stop here, but stay tuned for more on this.