How can we effectively regulate grid security?

Abstract

The NERC CIP standards were designed to prevent potentially devastating cyberattacks on the control systems that run the North American Bulk Electric System (BES). While these standards have undoubtedly contributed to making the BES much more secure, they also suffer from some serious — and escalating — problems that are pushing them toward the point that in a few years the North American Electric Reliability Corporation — Critical Infrastructure Protection (NERC CIP) standards may be seen as causing more harm than good. This paper describes what the author believes to be the four most important problems with NERC CIP and discusses their causes and effects. The paper concludes with a set of general principles that could be used to construct a new NERC CIP compliance regime (including the standards themselves and the rules for enforcing them) that would avoid these problems and set NERC CIP on a sustainable track, so that the standards can continue to be seen as a powerful force for improvement of the security of the electric power grid. The paper provides ‘lessons learned’ not just for NERC CIP, but for other mandatory cyber security standards as well. The author hopes that these lessons learned will be applied in practice.