Revenge of the NERCs?

Thursday, October 04, 2012

Tripwire Inc


Article by Chris Orr

So I don’t want you to get the impression that I am just another hot booth babe despite the fact that I am at another trade show… The one I am attending is the 8th Annual EnergySec Security Summit here in lovely downtown Portland, OR. In fact the show is taking place right across the street from our corporate headquarters…

In attendance is a very wide range of players in the energy industry from the techies who literally run the infrastructure that delivers power to the sockets in your walls to the CISOs who run these billion dollar organizations that make up the power grid that keeps the lights on.

It’s interesting when you think about why they are here. In this age of Stuxnet and Flame and other nasty little bugs that are targeted directly at the hardware and software that runs power plants and substations the need for better levels of security has never been more apparent.

Lets set aside television shows on NBC like Revolution or books like One Second After. Even mass media outlets are getting on the bandwagon. When the power goes out everyone is affected.

There are two tracks here at the show. A technical track diving into the bits and bytes of security and a compliance track where the underlying theme is very similar to the one that Tripwire has been pushing lately: connecting security to the business. Why is it important to protect this infrastructure? How do you detect malware without anti-virus? What do you need to do to correct the situation?

Everybody recognizes that the pirates are trying to board this particular ship. What this show is all about is how to repel them…

At the core of the whole discussion are the NERC CIP requirements. For those not in the know NERC is the North American Electric Reliability Corporation and they publish the Critical Infrastructure Protection (CIP) standards that energy producers need to comply with.

These are the standards that the IT Ninja for these energy producers must use when they are trying to repel said pirates. The technical track here has sessions titled: Doubt, Deceit, Deficiency and Decency – a Decade of Disillusionment. And another one called Identifying and Managing Network Zones in CIP-005. I know…it sounds mind numbing but I am quite sure that the energy Ninjas find it quite interesting.

Ultimately this is critical stuff. If we don’t want to find ourselves wandering the wastelands searching for food and water fighting off marauding bands of marauders (is that redundant?) its important for these ninjas to get it right and keep the pirates at bay.

Cross-posted from Tripwire's State of Security

Possibly Related Articles:
Industrial Control Systems
SCADA Compliance Regulation NERC Industrial Control Systems
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.