Click here for the presentation slides!
- The fact that FERC issued a NOPR rather than an Order approving the CIP v5 Revisions (aka “CIP v6”) was surprising. We will speculate on why they did this.
- FERC requested comments on the definition of Low Impact External Routable Connectivity (LERC), which was included in CIP v6. What are they concerned about in the LERC definition? What does this mean for the very similar External Routable Connectivity (ERC) definition, which applies to High and Medium impact assets?
- FERC also was concerned about how NERC had addressed their directive on “communications networks”. Specifically, they question whether communications between control centers should be excluded from CIP; yet they don’t provide any workable suggestion on how these communications could be protected. What might they be looking for?
- Tom Alrich, Manager, Cyber Risk Services, Deloitte Advisory
- Steve Parker, President, EnergySec