NERC Risk Management Team Criticized for Cloud Standards Development Approach
The NERC Risk Management for Third-Party Cloud Services Standards Drafting Team is facing criticism for its approach to revising CIP standards, which may hinder compliance for electric utilities transitioning to cloud systems. A recent assessment highlights that existing definitions from 2011-2012 do not adequately encompass cloud technologies, prompting proposals for key changes to improve clarity and compliance. Without these adjustments, the team's current strategy risks delaying the implementation of effective cloud standards.

The NERC Risk Management for Third-Party Cloud Services Standards Drafting Team (SDT) is revising NERC CIP standards to enable larger electric utilities and independent power producers to monitor and operate the North American Bulk Electric System (BES) in the cloud. However, a critical assessment suggests the drafting team is on an ineffective path, potentially leading to non-compliance with requirements.
The current CIP definitions, established in 2011-2012, do not adequately address cloud-based systems, leading to compliance challenges for entities transitioning to cloud services. To resolve these issues, three key changes to definitions and requirements are proposed: defining 'System' to include both on-premises and cloud-based systems, establishing a new definition for 'Cloud Electronic Access Control or Monitoring System,' and revising the definition of 'Electronic Access Control or Monitoring System' to exclude cloud data centers. The SDT's current strategy may extend the timeline for compliance without addressing the core problems.



