Written Testimony of Rick Sergel, NERC President & CEO, Before the U.S. Senate Committee on Energy and Natural Resources, Hearing on Joint Staff Draft Related to Cybersecurity and Critical Electricity Infrastructure, May 7, 2009
"The cyber security of the bulk power system in North America remains an important concern for our nation. When I last spoke in front of a Congressional committee in September 2008, my organization, the North American Electric Reliability Corporation (NERC), had just launched a major initiative to improve its response to cyber security challenges. I am pleased to report significant progress on this front, which is a clear indication that the framework established under Section 215 of the Federal Power Act is producing results. But I remain firm in the message I communicated nine months ago: the Federal government should be given additional, carefully crafted, emergency authority to address specific, imminent cyber security threats.
"My testimony today will focus on the steps NERC has taken to enhance protection of the North American bulk power system from cyber security threats, and offer NERC’s views on the Joint Staff Draft, which would provide the needed federal authority."
Rick Sergel and his team have done a great job to accelerate the NERC CIP adoption and verification processes. All utilities are hard at work to be fully compliant, if they are not already.
The real challenge is that we find ourselves balancing the forces of Functionality/Convenience vs. Security vs. Affordability. In the end, my second law of Information Technology says: "When balancing the forces of Functionality/Convenience vs. Security vs. Affordability, one must pick only two forces to drive the project and achieve compliant results." Trying to achieve all three forces at once does not deliver sustainable results. Some grid users feel that Security must trump everything else, while other grid users feel that Functionality/Convenience comes first, and yet other grid users want Affordability to be the focus.
My first law of Information Technology says: "When balancing the forces of Cheaper vs. Faster vs. Better, one must pick only two forces to drive the project and achieve sustainable results."