O RSAW, RSAW, Wherefore art thou v5 RSAW?
I was just downloading the “Current RSAWs for Use” for review from the NERC site and found that the RSAWs on the NERC site have the v6 & v2 for the standards that are changing versions and are...
View ArticleGoing Above and Beyond CIP Requirements – Protecting Against Flash Drive Threats
We all know about Stuxnet, the computer worm that targets Siemens industrial control systems and was used to attack the uranium enrichment infrastructure in Iran. And most of us know that it was...
View ArticleWECC CIP Low Impact Workshop – July 7-8, 2015
Below are Encari’s key takeaways from the WECC CIP Low Impact Workshop in San Ramon, CA on July 7-8, 2015. While CIP-003-5 has been approved by NERC, discussions in this meeting were focused on on...
View ArticleWho Are You
Who are you? Who, who, who, who? (I really wanna know) The song Pete Townshend penned 40 years ago (that’s right, I said it, 40 years) asks a question that is relevant to NERC CIP compliance today. The...
View ArticleEncari’s takeaways from SANS webinar
Challenges and Strategies for Addressing the NERC CIP Version 5 Training Requirements Wednesday, July 15th Encari attended SANS webinar on July 15, 2015 regarding the challenges and strategies for...
View ArticleFERC Issues NOPR on the CIPv5 Revisions
While the title on FERC’s website may point in the direction of controls around supply chain. In just my initial pass of the document, the thing that immediately caught my eye was FERC’s directive...
View ArticleEncari’s Key Takeaways from WECC’s 7/16 Compliance Webinar
Encari attended WECC’s Compliance Open Webinar on July 16, 2015 regarding CIP-014. Below are Encari’s key takeaways. FERC approved CIP-014-2 on July 14, 2015, with the substantive change being removing...
View Article10th Anniversary of the Energy Policy Act of 2005
July 29 is the 10th anniversary of congressional approval of the Energy Policy Act of 2005, a key event in the genesis of the NERC CIP Reliability Standards. To mark this anniversary, let’s take a look...
View ArticlePasswords by the Numbers
NERC CIP-007-5 (Systems Security Management) Requirement 5 (System Access Control) requires that (for High and Medium Impact BES Cyber Assets) password lengths of at least eight characters and a...
View ArticleEncari’s Key Takeaways from SPP’s Webinar – Upcoming Standards
Encari’s Key Takeaways from SPP’s Webinar – Upcoming Standards on August 6, 2015 CIP-014-2 FERC directed NERC to develop a physical security standard on March 7, 2014. The order requires a standard,...
View Article