Today’s LiveWire Spotlight article evaluates the findings and recommendations from Commission Staff who attended a series of CIP cyber security audits in 2016 thru 2018. Ten Lessons Learned were distilled from data collected from information requests, SME interviews, and on-site observations of actual operations.

The Lessons Learned identified by FERC’s Staff are not a guarantee of compliance, but auditors tend to give special consideration to Responsible Entities who make a good faith attempt to adhere to the Commission’s recommendations.