Today’s LiveWire Spotlight discusses a cyber security controversy touched off by the U.S. Government Accountability Office’s (GAO’s) report on the vulnerability of the BPS to cyber-attacks as requested by four members of Congress. The GAO’s conclusion that the CIP standards are inadequate because they do not fully adhere to NIST’s Cybersecurity Framework evoked a strong response from NERC – who pointed out that their security program includes both guidance and mandatory elements; and the total package is fully aligned with NIST’s entirely voluntary framework.
The DOE is working with the National Security Council to develop a cybersecurity strategy plan that will include a full assessment of risks to the BPS. Once released at year’s end, FERC will rely on the plan’s findings to determine how, or if, to update the CIP standards.