If you’re
just coming to this blog after my presentation yesterday at Digital Bond’s S4 conference, welcome! I promised at
the end of the presentation (actually, all presenters were called “performers”
this year, mainly because the new location at the Jackie Gleason Theatre in
South Miami Beach allowed a very different experience. I tried to take
advantage of this) that you could come to my blog for more information on the
ideas I had presented.
I must say
that the presentation is ahead of my blog. The presentation lays out at a high
level how I think NERC CIP should be rewritten, and in my blog I’m still
finishing up my case for why it should be rewritten in the first place (I came
to the conclusion that this has to happen only a few weeks ago). But my previous
post
kind of sets a coda to that, although I’m sure I’ll have more to say about that
topic, even while I’m laying out how I think the new CIP should work (which I’m
sure will take months, since I do have a day job and I’m trying to have as many
conversations with as many people as possible about what the new CIP should look
like).
For anyone
interested, I’ll be glad to send you my slides if you email me at talrich@deloitte.com. The “performances”
were videotaped and will be posted on Digital Bond’s web site, although it may
take a few weeks for that to happen. I’ll put up the link here when it is
posted. I do think this may have been the first cyber security presentation ever
that was accompanied by a gospel trio, but I’ll need to check my book of world
records to confirm that.
However, in
case you’re wondering, I’m not going to lose my focus on CIP versions 5 and 6,
since these will undoubtedly be with us for at least 2-3 years (my fear is it
will be longer than that, but I hope that’s not the case). NERC entities still
need to do their best to comply with these standards, and I will still do my
best to pass on whatever good advice I hear from others or think of myself. Even
though I’m still in Miami Beach, it doesn’t mean I have my head in the clouds.
Meanwhile, I’d
certainly welcome hearing from anyone who wants to write me (or to post
comments on the blog) about how you think NERC CIP can be rewritten. Of course,
I would never post what you say, even anonymously, without your permission.
The views and opinions expressed here are my own and don’t
necessarily represent the views or opinions of Deloitte Advisory.
No comments:
Post a Comment