How Does the Industry Get Away with Doing Nothing?

By Lisa Vaas  |  Posted 2007-10-23

How is the industry getting away with doing nothing?
NERC's [standards], the industry voted on them. They created them themselves.
The NERC standards are set up in such a way that … the first is the scoping document. If you determine that a piece of equipment is to be considered a critical cyber-asset, you have to go through and do the security program for it. If, on the other hand, you say it's not a critical cyber-asset, you don't do anything more. Period. You're done. You don't have to look at it anymore.
So what utilities are doing, and NERC has given them the ability to do, is basically to say, "I don't have" or "I have very, very few" critical cyber-assets. Then they don't have much to do besides a paper exercise. [NIST's proposed standard] says you don't have exclusions or exceptions. You have to assess these things. Same as for mainstream IT systems. [Industry wants] to exclude even looking.
Could you please explain what's going on in Washington?
Congress is going back and working with FERC. The reason is that, in the energy policy act, … [there's] effectively a poison pill to prevent FERC from being able to act like a regulator. It's prevented them from writing standards or rules. All it said was they can approve them. So the industry submitted NERC [rules] to FERC. FERC has a problem with them. FERC is going to send them back to NERC and say this is unacceptable, and then NERC has to put it back out for ballot. If they put out for ballot what FERC has told them to put in, it will be rejected. The only thing they'll approve is something watered down with minimal value. [I predict that] what you'll see is an endless "do loop" [in Congress] and the grid being vulnerable for I don't know how long. Congress is working with FERC to determine how they can essentially be in the position to do their job and regulate and mandate. [But] to amend the energy act, that will probably take years. To get the energy act through in the first place took years. People are trying to [figure out], How do you get this fixed now, not 5 years or 10 years from now? And that's what's going on in Washington.

Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.
