Survey says: NERC CIP compliance not enough to guarantee grid security


By: SGN Staff


Despite their acknowledged importance for the security of the bulk electric system, the North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection (CIP) standards can’t ensure grid security.


That was a primary finding from a survey by Tripwire, a risk-based security and compliance management firm. The survey was conducted with more than 100 IT professionals working with CIP compliance.


While 77% of the survey respondents said CIP compliance is needed to ensure cybersecurity of the system, 70% said compliance alone would not be enough.


Jeff Simon, service solutions director for Tripwire, commented "It is encouraging that a majority of respondents acknowledge the value of NERC CIP compliance and the key role it plays in energy cybersecurity. Most respondents also acknowledge that NERC CIP compliance alone is not sufficient to ensure cybersecurity - they know compliance is just the start of an effective cybersecurity strategy.