Wednesday, June 3, 2009

Put Yourself in FERC's Shoes Thinking Smart Grid Security

This article demonstrates well the dilemma facing NERC CTO Michael Assante and others trying to bring comprehensive, practical security measures to bear in the early days of the smart grid. Vendors of various security capabilities each get their two cents in creating a sense of a void in planning, and making it seem like NERC and the government will never get a handle on the complexities of smart grid security. But before you buy and deploy security products, you have to know what you're trying to accomplish: what you're protecting and from which types threats you're defending. Assante seems to understand the requirements building process:
The approval of [NERC's revised cyber security standards] is evidence that NERC's industry-driven standards development process is producing results, with the aim of developing a strong foundation for the cybersecurity of the electric grid," said Michael Assante, vice president and chief security officer at the NERC. However, he cautioned that these standards are not designed to address specific, imminent cybersecurity threats. For that, direct legislative action is needed.
Be glad you're not in NERC's position of separating the security technology wheat from the chaff on a daily basis. And keep a close watch on what they do next. I'd say so far, so good.

No comments: