[nSLUG] US FERC vs NERC

George N. White III gnwiii at gmail.com
Thu Dec 13 08:08:19 AST 2007


Everyone who manages 7/24 computer operations already spends too much
time/money on power
protection.   Reducing CO2 emissions ultimately means switching to
electric power, where there
are "green" sources and more options for cleaning stack emissions (CO2
capture, etc.).   In order
to use significant amounts of wind power, there has to be much better
control of the grid to deal
with fluctuating inputs as well as demands.  If this isn't done
properly, it creates all sorts of
opportunities for crooks.

See: http://money.cnn.com/news/newsfeeds/articles/newstex/AFX-0013-21569682.htm

Also <http://www.nerc.com/>:
"NERC is a self-regulatory organization that relies on the diverse and
collective expertise of industry participants. "

NERC is largely regarded as an industry ass-covering measure: "we
follow NERC policies; too bad your power
has been off for days, but you can't blame us" in US and Canada.
What is Canada doing about this?

SANS has:

TOP OF THE NEWS
 --FERC Trumps NERC CIP Standards: To Require Reporting on Actual
   Progress on Securing Systems
(11 December 2008)
The Federal Energy Regulatory Commission (FERC) issued notice that it
intends to immediately issue a directive requiring all generator owners,
generator operators, transmission owners and transmission operators
registered by NERC (North American Electric Reliability Corp.) to
provide information detailing the actions they have taken or intend to
take to protect against key cyber vulnerabilities.
http://money.cnn.com/news/newsfeeds/articles/newstex/AFX-0013-21569682.htm
[Editor's Note (Paller): This is a stunning development. NERC's cyber
security standards were coming to be seen as almost totally ineffective.
FERC's action will immediately shift industry action from NERC's focus
on compliance to a new focus on actually improving security and proving
the work is done.  Kudos to Chairman Langevin and Ranking Member McCaul
of the House Homeland Security Subcommittee on Emerging Threats and
Cyber Security whose recent hearings illuminate the problems at NERC.
Without their leadership, and the active efforts of Mike Peters at FERC,
this important action would not have happened until after a major
catastrophe.
How to navigate the new rules will be a key topic at the SCADA and
Control System Security Workshop in January in New Orleans.
See: http://www.sans.org/scada08_summit ]

-- 
George N. White III <aa056 at chebucto.ns.ca>
Head of St. Margarets Bay, Nova Scotia



More information about the nSLUG mailing list