Summary
This technical report authored by Dr. Thomas Duffey discusses the challenges and requirements related to the protection of the Bulk Electric System (BES) from modern cyber threats. It outlines the critical infrastructure defined by U.S. Executive Order 13010 and emphasizes the importance of operational technology (OT) in managing industrial control systems. The report details the evolving nature of cyber threats, highlighting recent attacks on OT systems and the potential consequences for national security. It also examines regulatory compliance mandates, specifically the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards, which are designed to enhance the reliability and security of the BES. The report further addresses the need for organizations to adopt security frameworks that go beyond compliance to improve their overall security posture. Additionally, it presents the challenges faced by electric entities in maintaining compliance and the implications of non-compliance, including significant penalties. Overall, the report serves as a comprehensive resource for understanding the intersection of compliance and security in the context of the BES.
